Actively federated mobile authentication
First Claim
1. A method performed by a client computing device, the method comprising:
sending a user credential over a computer network to an identity provider having an established trust relationship with a hosted service that is hosted by a computing system that is remote from the client computing device, the user credential being associated with a user of the client computing device;
receiving, from the identity provider over the computer network, a first token including authentication information configured to authenticate a service request with the hosted service;
sending the first token to a trust broker that has an established trust relationship with the identity provider;
receiving, from the trust broker in response to the first token, a second token including a form of authentication information that is different than the first token and is configured to authenticate a service relay to send the service request to the hosted service;
sending, to the service relay, the service request with the second token; and
receiving, from the service relay, a service response indicative of authentication of the client computing device by the hosted service based on the second token.
Abstract
To make a trusted web service call, a client application sends a series of messages to obtain tokens that allow service requests to pass through a service relay. The user obtains a first security token by providing the user's credentials. A second token is obtained from a trust broker that validates the first token. Both tokens are then sent with a service request to a service relay. The service relay validates the second token and then passes the first token and the service request to a connector service. The connector service validates the first token and passes the service request to a target back end service. The connector service acts as the user when communicating with the back end service. Service responses are routed back to the user through the connector service and the service relay.
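The two-token flow the abstract describes, as an added Python sketch that is not the patent's or any product's code; the HMAC token format, the shared keys standing in for each trust relationship, the user store and all function names are constructed assumptions. It also shows the failure modes the abstract implies: the relay rejects a bad second token, and the connector rejects a tampered first token even when the second token is valid.

```python
import hashlib, hmac, json

# Constructed demo keys standing in for the trust relationships in the abstract:
# the identity provider shares K_IDP with the trust broker and the connector
# service; the trust broker shares K_BROKER with the service relay.
K_IDP = b"idp-secret-demo"
K_BROKER = b"broker-secret-demo"
USERS = {"alice": "correct horse"}  # constructed credential store


def issue(key, claims):
    body = json.dumps(claims, sort_keys=True)
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def verify(key, token):
    body, _, mac = token.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.loads(body) if hmac.compare_digest(mac, expected) else None


def identity_provider(user, password):
    if USERS.get(user) != password:
        return None
    return issue(K_IDP, {"sub": user, "aud": "hosted-service"})  # first token


def trust_broker(token1):
    claims = verify(K_IDP, token1)  # broker trusts the identity provider
    if claims is None:
        return None
    return issue(K_BROKER, {"sub": claims["sub"], "aud": "service-relay"})  # second token


def connector_service(token1, request):
    claims = verify(K_IDP, token1)  # connector validates the first token itself
    if claims is None:
        return "connector: first token rejected"
    return f"{request} for {claims['sub']}: ok"  # back end answer, connector acting as the user


def service_relay(token1, token2, request):
    if verify(K_BROKER, token2) is None:  # relay checks only the second token
        return "relay: second token rejected"
    return connector_service(token1, request)  # first token is passed through untouched


def client_call(user, password, request):
    token1 = identity_provider(user, password)
    if token1 is None:
        return "identity provider: credential rejected"
    token2 = trust_broker(token1)
    if token2 is None:
        return "trust broker: first token rejected"
    return service_relay(token1, token2, request)
```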
12 Claims
Claim 1 is reproduced above under First Claim; its dependent claims 2, 3 and 4 are not reproduced on this page.
5. A client computing device comprising:
a processor; and
memory storing instructions executable by the processor, wherein the instructions, when executed, configure the client computing device to:
send a user credential over a computer network to an identity provider having an established trust relationship with a hosted service that is hosted by a system that is remote from the client computing device;
receive, from the identity provider, a first token including authentication information configured to authenticate a service request with the hosted service;
send, to a service relay, the service request with the first token; and
receive, from the service relay, a service response indicative of authentication of the client computing device by the hosted service based on the first token.
Dependent claims 6 to 12 are not reproduced on this page.
Specification