PROTECTING USER CREDENTIALS USING AN INTERMEDIARY COMPONENT
First Claim
1. A method implemented by a first component, the method comprising:
- receiving, from a second component, a first request to access a service or resource without credentials of a current user of the second component being revealed to the second component;
obtaining, in response to the first request, user credentials for the current user, wherein the user credentials are associated with the service or resource;
sending, to the service or resource, both a second request to access the service or resource and the user credentials;
receiving, in response to the second request, session state information from the service or resource; and
returning the session state information to the second component, wherein the session state information allows the second component and the service or resource to communicate with each other independently of the first component.
2 Assignments
0 Petitions
Accused Products
Abstract
An access component sends an access request to an intermediary component, the access request being a request to access a service or resource without credentials of a current user of the intermediary component being revealed to the access component. The intermediary component obtains user credentials, for the current user, that are associated with the service or resource. The access request and the user credentials are sent to the service or resource, and in response session state information is received from the service or resource. The session state information is returned to the access component, which allows the access component and the service or resource to communicate with one another based on the session state information and independently of the first component.
-
Citations
20 Claims
-
1. A method implemented by a first component, the method comprising:
-
receiving, from a second component, a first request to access a service or resource without credentials of a current user of the second component being revealed to the second component; obtaining, in response to the first request, user credentials for the current user, wherein the user credentials are associated with the service or resource; sending, to the service or resource, both a second request to access the service or resource and the user credentials; receiving, in response to the second request, session state information from the service or resource; and returning the session state information to the second component, wherein the session state information allows the second component and the service or resource to communicate with each other independently of the first component. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method implemented by a first component, the method comprising:
-
receiving a first request from a user of the first component to access a service or resource without credentials of the user being revealed to the first component; sending, to a second component and in response to the first request, a second request to access the service or resource based on user credentials for the user; receiving, from the second component and in response to the second request, session state information received by the second component from the service or resource; and communicating, using the session state information, with the service or resource. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. One or more computer storage media having stored thereon multiple instructions that, when executed by one or more processors of a computing device, cause the one or more processors to:
-
receive, from an access component, a first request to access a service, wherein the access component and the service are implemented by different computing devices, and wherein credentials of a current user of the access component are not revealed to the access component; check whether a user authorization to send user credentials to the service is received at the computing device; if the user authorization is not received then deny the first request; and if the user authorization is received then; obtain previously stored user credentials for a current user of the access component, wherein the user credentials are associated with the service; send, to the service, both a second request to access the service and the user credentials; receive, in response to the second request, session state information; return the session state information to the access component, wherein the session state information allows the access component and the service to communicate with each other independently of the computing device and without the user credentials being revealed to the access component.
-
Specification