System and method for pool-based identity authentication for service access without use of stored credentials

US 10,432,604 B2
Filed: 09/06/2018
Issued: 10/01/2019
Est. Priority Date: 05/13/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at an authentication authority, an authentication request from a web service provider, the authentication request comprising a service request by a service requestor to the web service provider to access a web service, and a service requestor identifying information;

determining authentication information from the service request sent to the web service, the service request comprising the authentication information;

validating the authentication information using independently verifiable data; and

in response to validating the authentication information meets the independently verifiable data, sending a grant or denial of access to the web service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented system and method for pool-based identity authentication for service access without use of stored credentials is disclosed. The method in an example embodiment includes providing provisioning information for storage in a provisioning repository; receiving a service request from a service consumer, the service request including requestor identifying information; generating an authentication request to send to an authentication authority, the authentication request including requestor identifying information; receiving validation of an authenticated service request from the authentication authority; and providing the requested service to the service consumer.

40 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, at an authentication authority, an authentication request from a web service provider, the authentication request comprising a service request by a service requestor to the web service provider to access a web service, and a service requestor identifying information;
  
  determining authentication information from the service request sent to the web service, the service request comprising the authentication information;
  
  validating the authentication information using independently verifiable data; and
  
  in response to validating the authentication information meets the independently verifiable data, sending a grant or denial of access to the web service.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the authentication information comprises an IP address of the service request and the independently verifiable data comprises a range of IP addresses.
  - 3. The method of claim 2, wherein the IP address of the service request is extracted from an x-Forwarded HTTP value.
  - 4. The method of claim 1, wherein the authentication information comprises content of the service request.
  - 5. The method of claim 1, wherein the authentication information includes an attribute of the service request.
  - 6. The method of claim 1, further comprising performing a test on the independently verifiable data.
  - 7. The method of claim 1, further comprising retrieving the independently verifiable data from a secure provisioning repository.

8. A system comprising:
- a memory device for storing instructions; and
  
  a processor, which, when executing the instructions, causes the system to perform operations comprising;
  
  receiving an authentication request from a web service provider, the authentication request comprising a service request by a service requestor to the web service provider to access a web service, and a service requestor identifying information;
  
  determining authentication information from the service request sent to the web service, the service request comprising the authentication information;
  
  validating the authentication information using independently verifiable data; and
  
  in response to validating the authentication information meets the independently verifiable data, sending a grant or denial of access to the web service.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the authentication information comprises an IP address of the service request and the independently verifiable data comprises a range of IP addresses.
  - 10. The system of claim 9, wherein the IP address of the service request is extracted from an x-Forwarded HTTP value.
  - 11. The system of claim 8, wherein the authentication information comprises content of the service request.
  - 12. The system of claim 8, wherein the authentication information includes an attribute of the service request.
  - 13. The system of claim 8, wherein the operations further comprise performing a test on the independently verifiable data.
  - 14. The system of claim 8, wherein the operations further comprise retrieving the independently verifiable data from a secure provisioning repository.

15. A computer readable non-transitory storage medium storing at least one program configured for execution by a computer, the at least one program comprising instructions to perform operations comprising:
- receiving an authentication request from a web service provider, the authentication request comprising a service request by a service requestor to the web service provider to access a web service, and a service requestor identifying information;
  
  determining authentication information from the service request sent to the web service, the service request comprising the authentication information;
  
  validating the authentication information using independently verifiable data; and
  
  in response to validating the authentication information meets the independently verifiable data, sending a grant or denial of access to the web service.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer readable non-transitory storage medium of claim 15, wherein the authentication information comprises an IP address of the service request and the independently verifiable data comprises a range of IP addresses.
  - 17. The computer readable non-transitory storage medium of claim 16, wherein the IP address of the service request is extracted from an x-Forwarded HTTP value.
  - 18. The computer readable non-transitory storage medium of claim 15, wherein the authentication information comprises content of the service request.
  - 19. The computer readable non-transitory storage medium of claim 15, wherein the authentication information includes an attribute of the service request.
  - 20. The computer readable non-transitory storage medium of claim 15, wherein the operations further comprise performing a test on the independently verifiable data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eBay Inc.
Original Assignee
eBay Inc.
Inventors
Kolluru, Raju Venkata, Kleinpeter, Michael Dean
Primary Examiner(s)
Revak, Christopher A

Application Number

US16/123,107
Publication Number

US 20190081939A1
Time in Patent Office

390 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 9/321   involving a third party or ...

System and method for pool-based identity authentication for service access without use of stored credentials

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for pool-based identity authentication for service access without use of stored credentials

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links