Authentication token with client key
First Claim
1. A method, comprising:
receiving a first request to access a secure service, the first request including a first token and a second token;
extracting a client public key from the first token;
validating the second token with the client public key extracted from the first token;
authorizing access to the secure service upon validation of the second token;
creating a third token signed by a server private key; and
transmitting to a second server a second request for access to the second server, the second request including the first token and the third token, wherein the first token is configured to validate a client device for the access to the second server, and the third token is configured to validate a requesting entity of the second request for access to the second server.
Abstract
Techniques are described for using two tokens to request access to a secure server. The tokens allow the server to verify, without an external call, that the requesting device is one identified in the request and that the requesting device is authorized by a trusted identity provider. A first token is an authentication token issued by the trusted identity provider and including a client device public key. The second token is a proof-of-possession token that is signed by a client device using a client device private key corresponding to the client device public key. The server obtains the client device public key from the authentication token, and then uses the client device public key to validate the proof-of-possession token. The authentication token can be re-used by a server creating its own proof-of-possession token for presentation to a second server to access a secure service on the second server.
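The two-hop exchange the abstract describes, as an added example in Go. This is not code from the patent or from any product implementing it; the token format (base64url JSON claims "." Ed25519 signature), the raw-key "cnf" claim, the 60-second proof-of-possession window, and the names IssueAuthToken, MakePoP and VerifyRequest are all assumptions made here for illustration. The first server validates the proof-of-possession token with the device key it pulls out of the authentication token, so it never calls the identity provider; the second server receives the same authentication token plus a proof signed by the first server, and checks that proof against the first server's public key, which it is assumed to trust already (claim 7's "first server public key").

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

type authClaims struct { // first token, signed by the IdP; Cnf is the raw Ed25519 device public key
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
	Cnf []byte `json:"cnf"`
}

type popClaims struct { // second or third token; Ath binds it to the exact auth token it travels with
	Aud string `json:"aud"`
	Iat int64  `json:"iat"`
	Ath string `json:"ath"`
}

// sign produces base64url(json claims) "." base64url(ed25519 signature).
func sign(priv ed25519.PrivateKey, claims any) string {
	payload, _ := json.Marshal(claims)
	enc := b64.EncodeToString(payload)
	return enc + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(enc)))
}

// verify checks the signature against pub and decodes the claims into out.
func verify(pub ed25519.PublicKey, token string, out any) error {
	parts := strings.Split(token, ".")
	if len(parts) != 2 || len(pub) != ed25519.PublicKeySize {
		return errors.New("malformed token or key")
	}
	sig, errS := b64.DecodeString(parts[1])
	payload, errP := b64.DecodeString(parts[0])
	if errS != nil || errP != nil || !ed25519.Verify(pub, []byte(parts[0]), sig) {
		return errors.New("bad signature")
	}
	return json.Unmarshal(payload, out)
}

func hashOf(token string) string {
	h := sha256.Sum256([]byte(token))
	return b64.EncodeToString(h[:])
}

// IssueAuthToken is the identity provider's step: bind a subject to its device key.
func IssueAuthToken(idpPriv ed25519.PrivateKey, sub string, devPub ed25519.PublicKey, exp time.Time) string {
	return sign(idpPriv, authClaims{Sub: sub, Exp: exp.Unix(), Cnf: devPub})
}

// MakePoP is the holder's step: the device signs the second token, the first server the third.
func MakePoP(holderPriv ed25519.PrivateKey, aud, authToken string, now time.Time) string {
	return sign(holderPriv, popClaims{Aud: aud, Iat: now.Unix(), Ath: hashOf(authToken)})
}

// VerifyRequest is the receiving server's check for either hop. With holderPub nil
// (first hop) the PoP key is the device key extracted from the auth token, so the IdP
// is never called; on the second hop the caller passes the first server's public key.
func VerifyRequest(idpPub, holderPub ed25519.PublicKey, authToken, popToken, aud string, now time.Time) (string, error) {
	var ac authClaims
	if err := verify(idpPub, authToken, &ac); err != nil {
		return "", fmt.Errorf("auth token: %w", err)
	}
	if now.Unix() >= ac.Exp {
		return "", errors.New("auth token expired")
	}
	if holderPub == nil {
		holderPub = ed25519.PublicKey(ac.Cnf)
	}
	var pc popClaims
	if err := verify(holderPub, popToken, &pc); err != nil {
		return "", fmt.Errorf("pop token: %w", err)
	}
	if pc.Aud != aud || pc.Ath != hashOf(authToken) {
		return "", errors.New("pop token not bound to this audience and auth token")
	}
	if age := now.Unix() - pc.Iat; age < 0 || age > 60 {
		return "", errors.New("pop token stale or from the future")
	}
	return ac.Sub, nil
}

func main() {
	idpPub, idpPriv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	devPub, devPriv, _ := ed25519.GenerateKey(nil)
	srvPub, srvPriv, _ := ed25519.GenerateKey(nil)
	now := time.Now()
	auth := IssueAuthToken(idpPriv, "device-42", devPub, now.Add(time.Hour))
	fmt.Println(VerifyRequest(idpPub, nil, auth, MakePoP(devPriv, "service-a", auth, now), "service-a", now))    // hop 1: key from auth token
	fmt.Println(VerifyRequest(idpPub, srvPub, auth, MakePoP(srvPriv, "service-b", auth, now), "service-b", now)) // hop 2: first server's key
}
```

Three checks in VerifyRequest carry the weight that the abstract leaves implicit. The audience claim stops a proof minted for one service being replayed at another; the hash of the authentication token stops a proof being reattached to a different authentication token for the same device key; and the issue-time window bounds replay of a captured pair (a production deployment would add a per-token identifier and a replay cache on top). Note also what the second hop does and does not establish: the second server learns from the authentication token which device and subject the identity provider vouched for, and from the third token that the first server is the entity presenting it, but nothing in the pair proves the device consented to that onward request, so the second server still needs its own policy on which first servers may forward which subjects.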
10 Claims
7. One or more non-transitory computer-readable media, containing computer executable instructions, comprising:
a first code segment that, when executed, receives a first request from a client device to access a secure service, the first request including a first token and a second token;
a second code segment that, when executed, extracts a client device public key from the first token;
a third code segment that, when executed, validates the second token using the client device public key extracted from the first token;
a fourth code segment that, when executed, authorizes access to the secure service upon successful validation of the second token;
a fifth code segment that, when executed, creates a third token signed with a first server private key; and
a sixth code segment that, when executed, creates a second request to a second server, the second request including the first token and the third token, wherein the third token is configured to be validatable with a first server public key, and the first token is configured to be validatable with an identity provider public key.