Virtual requests
Abstract
A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/or authentication service to translate the virtual request components over the first protocol to one or more second requests using the second protocol. Virtual request components may also prove the authenticity of the virtual request received by the servicer to an authentication service. Once satisfied the virtual request is valid, the authentication service may issue a credential to the servicer to send the one or more second requests to an independent service. Virtual requests may be included in various protocols, including credential-based protocols and certificate exchange-based protocols.
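The flow in the abstract, sketched as an added Go example (not code from the patent): the action the client wants performed rides inside the session identifier, the request service signs a receipt over that session, and the authentication service verifies the receipt before issuing a credential for that action. The `hexnonce.action` layout, the SHA-256 receipt, Ed25519 signatures, the `cred:` string and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// SessionID embeds the action in the session identifier (assumed layout: hexnonce.action).
func SessionID(nonce []byte, action string) string {
	return hex.EncodeToString(nonce) + "." + action
}

// Receipt digests the session: the session identifier plus the client certificate.
func Receipt(sessionID string, clientCert []byte) []byte {
	msg := fmt.Sprintf("%d:%s|%x", len(sessionID), sessionID, clientCert)
	sum := sha256.Sum256([]byte(msg))
	return sum[:]
}

// Issue is the authentication-service side: rebuild the receipt from the stored client
// certificate, check the request service's signature, then scope a credential to the action.
func Issue(svcPub ed25519.PublicKey, storedCert []byte, sessionID string, sig []byte) (string, error) {
	if !ed25519.Verify(svcPub, Receipt(sessionID, storedCert), sig) {
		return "", errors.New("signed receipt does not match this session")
	}
	_, action, ok := strings.Cut(sessionID, ".")
	if !ok || action == "" {
		return "", errors.New("session identifier carries no action component")
	}
	return "cred:" + action, nil // placeholder credential format
}

// Demo signs a receipt for the action `signed`, then submits a session identifier
// carrying `presented`; the authentication service issues only if the two agree.
func Demo(signed, presented string) (string, error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // key pair of the service certificate
	cert, nonce := []byte("constructed-client-cert"), []byte{1, 2, 3, 4}
	sig := ed25519.Sign(priv, Receipt(SessionID(nonce, signed), cert))
	return Issue(pub, cert, SessionID(nonce, presented), sig)
}

func main() {
	fmt.Println(Demo("GetObject reports/q1", "GetObject reports/q1"))
	fmt.Println(Demo("GetObject reports/q1", "DeleteObject reports/q1"))
}
```

Because the receipt covers the session identifier, a receipt signed for one action cannot be replayed to obtain a credential for a different one.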
18 Claims
1. A request service of a distributed computing system, comprising:
one or more memories; and
one or more processors executing instructions from the one or more memories, the request service configured to:
identify that an authentication service computer stores a client digital identity certificate of a client computer;
initiate a certificate exchange session with the client computer;
prior to computing a certificate exchange receipt and during the certificate exchange session, construct a session identifier based at least in part on an action-dependent request component, the action-dependent request component comprising an association between a request of the certificate exchange session and an action that the client computer requests to perform as part of completing a handshake procedure; and
transmit the session identifier to the client computer as part of the handshake procedure;
compute the certificate exchange receipt based at least in part on the certificate exchange session;
sign the certificate exchange receipt using a private key for a service digital identity certificate of the request service;
provide the signed certificate exchange receipt to the authentication service computer;
receive an issued credential for calling an independent service; and
communicate with the independent service using the issued credential.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-implemented method performed by a request service of a distributed computing system, comprising:
identifying, by the request service, that an authentication service computer stores a digital identity certificate of a client computer;
initiating, by the request service, a certificate exchange session with the client computer;
prior to computing a certificate exchange receipt and during the certificate exchange session, constructing a session identifier based at least in part on an action-dependent request component, the action-dependent request component comprising an association between a request of the certificate exchange session and an action that the client computer requests to perform as part of completing a handshake procedure; and
transmitting the session identifier to the client computer as part of the handshake procedure;
computing, by the request service, the certificate exchange receipt based at least in part on the certificate exchange session;
signing, by the request service, the certificate exchange receipt using a private key for a service digital identity certificate of the request service;
providing, by the request service, the signed certificate exchange receipt to the authentication service computer, the signed certificate exchange receipt being associated with the certificate exchange session;
receiving, by the request service, an issued credential for calling an independent service; and
communicating, by the request service, with the independent service using the issued credential.
Dependent claims: 9, 10, 11, 12, 13
14. An authentication service computer of a distributed computing system, comprising:
one or more memories; and
one or more processors executing instructions from the one or more memories, the authentication service computer configured to:
receive a client digital identity certificate from a client computer;
identify that the client computer and a request service of the distributed computing system initiate a certificate exchange session;
prior to computing a certificate exchange receipt and during the certificate exchange session, enable construction of a session identifier based at least in part on an action-dependent request component, the action-dependent request component comprising an association between a request of the certificate exchange session and an action that the client computer requests to perform as part of completing a handshake procedure; and
enable transmission of the session identifier to the client computer as part of the handshake procedure;
receive, from the request service, the certificate exchange receipt that was signed by the request service using a private key for a service digital identity certificate of the request service, the signed certificate exchange receipt associated with the certificate exchange session, the request service, and the client computer;
compare the signed certificate exchange receipt with the service digital identity certificate signed by the request service; and
based at least in part on the comparison, provide an issued credential associated with the client computer to the request service.
Dependent claims: 15, 16, 17, 18
Specification