Credential mapping
Abstract
Methods, systems, and data structures map credentials. A master credential is established for a user or an application. The master credential is mapped to one or more service credentials associated with one or more services. When a request for a service is received from a requestor, the request is authenticated using the master credential. If the master credential is authenticated, then an appropriate service credential associated with the appropriate requested service is acquired and sent directly (via proxy) to the service on behalf of the requestor.
12 Claims
1. An apparatus for mapping credentials, comprising:
- a processor configured to:
  - create a master credential that is used to identify and to authenticate a requestor in an electronic environment, the master credential is later acquired from a browser cookie and the master credential initially authenticates the requestor;
  - generate a new service credential for a service, and wherein the service credential is used to authenticate the requestor via an alias for the requestor for access to the service according to rules defined by the service and the service credential is different from the master credential and includes the alias to prevent the service from discovering the master credential, and the new service credential is generated by the method interacting with the service using the rules to establish the new service credential with that service for the alias;
  - generate a mapping from the master credential to the service credential thereby permitting the mapping to be used to acquire the service credential from the master credential when the requestor attempts to access the service and the service credential identifies and authenticates the requestor via the alias to the service according to the rules defined by the service, and the master credential is only transmitted between the requestor and the method, and in a first configuration the service credential is generated in a manner that permits the service credential to be dynamically reconstituted when requested; and
  - synchronize, in a second configuration, changes made to the service credential by an administrator of the service without knowledge or intervention being required by the requestor, the second configuration occurring when the first configuration is not present.

Dependent claims: 2, 3, 4, 5, 6
7. A method for mapping credentials implemented in a computer-readable medium and adapted to be processed by a computer, comprising:
- receiving, by a computer, a master credential with a request to access a service the request is associated with a requestor that is attempting to access the service, and the master credential is only transmitted between the requestor and the method;
- authenticating, by the computer, the master credential and thereby authenticating and identifying the requestor;
- mapping, by the computer, the master credential to a new service credential, when the master credential is authenticated, and the service credential is subsequently acquired from the mapping in response to access to the master credential and the service credential authenticates the requestor via an alias for access to the service according to syntactic and semantic rules defined by the service, and the service credential was previously acquired by the method interacting with the service using the syntactic and semantic rules to establish the alias;
- providing, by the computer, the service credential via the mapping to the service, when the master credential is authenticated for purposes of authenticating the requestor for access to the service, the requestor is authenticated for access as the alias and the service cannot discover the master credential;
- subsequently altering the service credential by an administrator of the service; and
- synchronizing, by the computer, the changes to the service credential with the mapping, and the synchronization of the changes occurring without knowledge or intervention being required by the requestor.

Dependent claims: 8, 9, 10, 11, 12
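The flow described in the abstract and in claims 1 and 7, sketched as an added Python example that is not taken from the patent or from any product implementing it. The class and method names, the (alphabet, length) form of a service's rules, and the use of HMAC-SHA256 to make the service credential "dynamically reconstituted" are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class CredentialBroker:
    """Added illustration: one master credential, per-service alias credentials."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # derivation key, never leaves the broker
        self._masters = {}                   # sha256(master token) -> user id
        self._rules = {}                     # service -> (alphabet, length); assumed format
        self._synced = {}                    # (user, service) -> secret set by service admin

    def enroll(self, user):
        """Create a master credential (e.g. a cookie value); store only its hash."""
        token = secrets.token_urlsafe(32)
        self._masters[hashlib.sha256(token.encode()).digest()] = user
        return token

    def register_service(self, service, alphabet, length):
        self._rules[service] = (alphabet, length)

    def _derive(self, user, service, label, alphabet, length):
        # Deterministic HMAC stream mapped onto the alphabet, so nothing is stored.
        # Bytes at or above `limit` are dropped to avoid modulo bias.
        n, out, counter = len(alphabet), [], 0
        limit = 256 - 256 % n
        while len(out) < length:
            msg = repr((label, service, user, counter)).encode()  # unambiguous framing
            block = hmac.new(self._key, msg, hashlib.sha256).digest()
            out += [alphabet[b % n] for b in block if b < limit]
            counter += 1
        return "".join(out[:length])

    def sync(self, user, service, new_secret):
        """Record a secret the service administrator changed (second configuration)."""
        self._synced[(user, service)] = new_secret

    def service_credential(self, master_token, service):
        """Authenticate the master credential, then map it to (alias, secret)."""
        user = self._masters.get(hashlib.sha256(master_token.encode()).digest())
        if user is None:
            raise PermissionError("master credential rejected")
        alphabet, length = self._rules[service]
        alias = "u-" + self._derive(user, service, "alias", "0123456789abcdef", 12)
        secret = self._synced.get((user, service)) or self._derive(
            user, service, "secret", alphabet, length)
        return alias, secret
```

Because the alias and secret are derived per service, two services cannot correlate the same requestor by comparing credentials, and the broker's derivation key becomes the single secret whose compromise exposes every derived credential.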
Specification