IDENTITY MANAGEMENT OVER MULTIPLE IDENTITY PROVIDERS

US 20170099281A1
Filed: 10/05/2015
Published: 04/06/2017
Est. Priority Date: 10/05/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

requesting a backend service from multiple backend services by a requesting device; and

exposing the requested backend service though a call in by a gateway service using a token mapped to the requested backend service, without exposing any of the backend services directly to the requesting device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and processes of advanced identity management over multiple identity providers deployable through mobile applications are provided. The process, e.g., method, includes requesting a backend service from multiple backend services by a requesting device. The method further includes exposing the requested backend service though a call in by a gateway service using a token mapped to the requested backend service, without exposing any of the backend services directly to the requesting device.

25 Citations

View as Search Results

20 Claims

1. A method comprising:
- requesting a backend service from multiple backend services by a requesting device; and
  
  exposing the requested backend service though a call in by a gateway service using a token mapped to the requested backend service, without exposing any of the backend services directly to the requesting device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising providing token templates which match what identity parameters a service needs to the requested backend services.
  - 3. The method of claim 2, wherein the gateway service directly calls in and is exposed to the requested backend services using the token and a token template of the token templates.
  - 4. The method of claim 2, wherein the token templates allow a developer to use a single token for identity management regardless of changes to user ID or services of the multiple backend services.
  - 5. The method of claim 4, wherein a service template manager determines which backend identity parameters need to be passed and how they need to be passed to the backend services.
  - 6. The method of claim 1, wherein the token is stored in a vault of an identity management system accessible by the gateway service to facilitate a call in to the requested backend service.
  - 7. The method of claim 6, wherein the identity management system manages identities of plural devices through the use of tokens which are recognized by the backend services when passed by the gateway service.
  - 8. The method of claim 1, further comprising authenticating the device using an MBaaS IDM service, prior to exposing the requested backend service.
  - 9. The method of claim 1, wherein:
    - the device calls into the gateway service to expose the requested backend service;
      
      the gateway service obtains the token and a token template from an identity service;
      
      the gateway service calls into the requested backend service to expose the backend service directly to the gateway service; and
      
      the requested backend service is provided to the device from the gateway service.
  - 10. The method of claim 9, wherein the identity service inspects a service that is being called and determines which service template should be used to map the tokens to the backend service.
  - 11. The method of claim 10, wherein a developer passes a single token in order to retrieve proper credentials using the gateway service.

12. A computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, and the program instructions are readable by a computing device to cause the computing device to perform a method comprising:
- mapping tokens to parameters in a service call to a requested backend service;
  
  making the service call to a requested backend service, from a service provider;
  
  exposing the requested backend service only to the service provider; and
  
  providing a service of the requested backend service to a device, directly from the the service provider while not exposing the backend service to the device.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The computer program product of claim 12, further comprising identity services which provide a credential vault for a user to store a crypographic hash of a password and username that is used in conjunction with a valid identity token to leverage passwords for non-authorized legacy systems that the user may be required to login to retrieve data or leverage services.
  - 14. The computer program product of claim 13, wherein the identity services request a token and cryptographic hash in a validation transaction to open the credential vault.
  - 15. The computer program product of claim 14, further comprising:
    - obtaining identity information from each of the backend services.returning a single token to the device;
      
      calling the requested backend service by requesting the service through the service provider;
      
      obtaining the mapped token and a service template from an identity management service; and
      
      calling the requested backend service directly from the service provider with the service template and the mapped token attached to the call.
  - 16. The computer program product of claim 15, wherein the service template is configured to allow a developer to use a single token for identity management regardless of changes to user ID or services of the backend services.
  - 17. The computer program product of claim 15, wherein the service template determines which backend identity parameters need to be passed and how they need to be passed to the backend services.

18. A system comprising:
- a CPU, a computer readable memory and a computer readable storage medium;
  
  program instructions to enter usernames and passwords for systems on a device during a registration process;
  
  program instructions to call an identity management platform to create an identity vault using the username and password supplied by the device;
  
  program instructions to create a cryptographic hash of the username and password submitted during initial registration as a key to the vault;
  
  program instructions to send the key back to the device which uses the key and a valid identity token on future access to the vault to update, delete or create new credentials for the vault; and
  
  program instructions to map the credentials in the vault by name to a backend service,wherein the program instructions are stored on the computer readable storage medium for execution by the CPU via the computer readable memory.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, further comprising program instructions:
    - to create credential names that the device needs to provide credentials for;
      
      program instructions to send a request to the device to update a specific credential;
      
      program instructions to receive the updated username and password along with a name of the credential to update and a new username and password, which is shielded from an administrator;
      
      program instructions to establish a master backend which is configured to be a single point where a user authenticates on first load of the application; and
      
      program instructions to send an identity token back to the device, which is sent with the key back to a service provider whenever the service provider needs to establish an identity for a backend service.
  - 20. The system of claim 18, further comprising program instructions to set a timeout for how long access credentials within the vault are valid without asking for a revalidation request from the device which would respond with the key and the token, once the credential vault is open.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kony, Inc. (Temenos AG)
Original Assignee
Kony, Inc. (Temenos AG)
Inventors
BENDAPUDI, Perraju, CHANDERASAKAR, Deepak, MUDUMBAI, Gopi Krishna, PADMASOLA, Krishna, PERI, Jagan, TREVATHAN, Matthew B., HILDAHL, Bjorn, RAMANATHAN, Sri, TERRY, Matthew A.

Granted Patent

US 9,712,513 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/86   Mapping to a database

H04L 63/06   for supporting key manageme...

H04L 63/0807   using tickets, e.g. Kerbero...

IDENTITY MANAGEMENT OVER MULTIPLE IDENTITY PROVIDERS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

IDENTITY MANAGEMENT OVER MULTIPLE IDENTITY PROVIDERS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links