Dynamically updating authentication schemes
Abstract
When requesting network services, clients often supply authentication information such as digital signatures. A network provider may from time to time change its authentication scheme. Clients are notified of the change and are provided with an updated authentication specification. Upon receiving the updated authentication specification, a client updates its authentication logic accordingly, and subsequently prepares and provides authentication information in accordance with the new authentication scheme.
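The flow the abstract describes, as an added example (not code from the patent or its assignee): the client treats the signature scheme as data, so a provider's notice can replace it while the process keeps running. The spec fields (`version`, `hash`, `fields`, `delimiter`), the HMAC signing, and the client-side allowlist and version check are assumptions of this sketch.

```python
import hashlib
import hmac

ALLOWED_HASHES = {"sha256", "sha512"}  # assumption: client refuses anything weaker

def string_to_sign(spec, params):
    # Field order and delimiter come from the provider-defined scheme.
    return spec["delimiter"].join(f"{k}={params[k]}" for k in spec["fields"])

def sign(key, spec, params):
    digest = getattr(hashlib, spec["hash"])
    return hmac.new(key, string_to_sign(spec, params).encode(), digest).hexdigest()

class Service:
    """Toy provider: verifies the current scheme, otherwise notifies and sends the new one."""
    def __init__(self, key, spec):
        self.key, self.spec = key, spec

    def handle(self, params, version, signature):
        if version != self.spec["version"]:
            return {"status": "scheme_expired", "updated_scheme": self.spec}
        ok = hmac.compare_digest(sign(self.key, self.spec, params), signature)
        return {"status": "ok" if ok else "bad_signature"}

class Client:
    def __init__(self, key, spec):
        self.key, self.spec = key, spec

    def apply_update(self, new_spec):
        # A forged or replayed notice must not be able to weaken or roll back the scheme.
        if new_spec["hash"] not in ALLOWED_HASHES:
            raise ValueError("hash not allowed")
        if new_spec["version"] <= self.spec["version"]:
            raise ValueError("scheme downgrade refused")
        self.spec = new_spec  # takes effect for the next request, no restart

    def call(self, service, params):
        for _ in range(2):  # one retry after a scheme update
            sig = sign(self.key, self.spec, params)
            reply = service.handle(params, self.spec["version"], sig)
            if reply["status"] != "scheme_expired":
                break
            self.apply_update(reply["updated_scheme"])
        return reply

def demo():
    key = b"constructed-demo-key"  # constructed sample values throughout
    v1 = {"version": 1, "hash": "sha1", "fields": ["Action", "Timestamp"], "delimiter": "&"}
    v2 = {"version": 2, "hash": "sha256", "fields": ["Timestamp", "Action"], "delimiter": "\n"}
    params = {"Action": "ListItems", "Timestamp": "2024-01-01T00:00:00Z"}
    client = Client(key, v1)
    first = client.call(Service(key, v1), params)
    second = client.call(Service(key, v2), params)  # provider has rotated to v2
    return first["status"], second["status"], client.spec["version"]
```

The update notice here is unauthenticated, so the allowlist and the monotonic version check are the only guards; a deployment would also need to authenticate the channel the new scheme arrives on.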
32 Claims
1. A method, comprising:
under control of one or more processors configured with executable instructions, performing actions including:
- generating, by an application, a service request to a network services provider that includes one or more request parameters;
- composing a string-to-sign based at least in part on the one or more request parameters and in accordance with a predefined digital signature generation scheme defined, at least in part, by the network services provider;
- signing the string-to-sign in accordance with the predefined digital signature generation scheme to generate an authenticating digital signature;
- submitting, through the application, the service request and the authenticating digital signature;
- receiving, from the network services provider, a notification regarding an updated digital signature generation scheme, the notification indicating at least one of an expiration of the predefined digital signature generation scheme or that the predefined digital signature generation scheme is invalid;
- receiving, from the network services provider, instructions for creating an authentication signature by implementing the updated digital signature generation scheme; and
- in response to receiving the instructions, implementing the updated digital signature generation scheme when subsequently composing and signing the string-to-sign, wherein receiving the instructions for creating the authentication signature and implementing the updated digital signature generation scheme occurs while the application is executing.
12. One or more non-transitory computer-readable media including instructions that are executable by one or more processors to perform actions comprising:
- generating a digital signature scheme based at least in part on client authentication logic that is predetermined, at least in part, by a network service;
- generating a string-to-sign based at least in part on the digital signature scheme and a service request that includes one or more request parameters;
- determining a signed string-to-sign based at least in part on the string-to-sign;
- generating an authenticating digital signature based at least in part on the signed string-to-sign and the digital signature scheme;
- calling the network service from a client application;
- submitting, through the client application, the authenticating digital signature;
- receiving, from the network service, a notification indicating at least one of an expiration of the digital signature scheme or that the digital signature scheme is no longer valid;
- receiving, from the network service, an updated digital signature generation scheme designated by the network service to authorize the client application to call the network service; and
- in response to receiving the updated digital signature generation scheme, updating the client authentication logic in accordance with the updated digital signature generation scheme when subsequently generating the string-to-sign and the authenticating digital signature without restarting the client application.
25. A network-based service, comprising:
- one or more processors;
- computer-readable memory storing instructions that are executable by the one or more processors to perform actions comprising:
  - receiving one or more service requests from a client, the one or more service requests being generated by a client application associated with the client and including one or more request parameters;
  - receiving authenticating information from the client in conjunction with the one or more service requests, the authenticating information comprising a signed string-to-sign based at least in part on a digital signature generation scheme, wherein the signed string-to-sign is generated based at least in part on the one or more request parameters, and wherein the digital signature generation scheme is at least one of expired or invalid;
  - authenticating the one or more service requests based at least in part on the authenticating information;
  - notifying the client that the digital signature generation scheme is at least one of expired or invalid; and
  - indicating an updated digital signature generation scheme to the client, wherein the updated digital signature generation scheme is to be implemented by the client in order to generate the authenticating information.
Specification