Short-lived certificate authority service
First Claim
1. A method comprising:
- forming, by a processor of a client device configured to communicate with other devices via a network, a bundled request, for communication to an authentication service over a network, the bundled request is configured according to an extended web service trust protocol that comprises a web service trust protocol for token requests that is extended with syntax that permits a request for a certificate, such that the extended web service trust protocol supports bundled requests for a token and a certificate, and the bundled request comprises a request for a token to prove identity at any of a plurality of service providers and a request for a certificate to establish secure communications;
- receiving, by the client device, the token and the certificate in response to the bundled request; and
- establishing, by the client device, secure communications for secure data sharing between the client device and a different client device using the received certificate with another certificate of the different client device.
Abstract
An integrated authentication service is described which may receive a bundled request from one or more clients. One or more of the described techniques may be utilized to provide, in response to a single bundled request, a token for proof of identity and a certificate for establishing secure communications.
20 Claims
1. (Independent claim 1 is given above under First Claim.) Dependent claims: 2, 3, 4, 5.

6. A method implemented at a computing device, the method comprising:
- receiving, by an authentication service executed at the computing device having a processor and memory and configured to issue tokens and certificates, a single request from a client over a network;
- issuing, by the authentication service executed at the computing device, a response to the single request utilizing an extended web service trust protocol, the extended web service trust protocol comprises a web service trust protocol for certificate requests that is extended with syntax which permits inclusion of the certificate in the response to the single request, and the single request includes:
- a token configured to be provided as proof of the client's identity to at least one service provider; and
- a certificate that is separate and distinct from the token, and when the certificate is received by the client, the certificate is used with another certificate received from a different client to establish secure peer-to-peer transactions between the client and the different client.
Dependent claims: 7, 8, 9.

10. One or more computer readable media comprising computer executable instructions that, when executed by a computer, direct the computer to perform a method comprising:
- executing a messaging module to communicate with another computer;
- in response to executing the messaging module, generating a bundled request for a token and a short-lived certificate (SLC) using an extended web service trust protocol, wherein the extended web service trust protocol comprises a web service trust protocol for token requests that is extended with syntax that permits a request for an SLC, such that the extended web service trust protocol supports bundled requests for a token and an SLC;
- communicating the bundled request to an authentication service, wherein the bundled request is authenticated by the authentication service using client credentials;
- in response to the bundled request, receiving a particular token and a particular SLC, wherein the particular SLC is configured to establish a secure peer-to-peer communications channel;
- presenting the particular token as proof of identity at any of a plurality of service providers without needing additional authentication at said providers;
- using the particular SLC and an additional SLC received at the another computer to establish a secure peer-to-peer communications channel between the computer and the another computer without the authentication service validating the particular SLC received at the computer and the additional SLC received at the another computer; and
- sharing data with the another computer via the secure peer-to-peer communications channel.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20.
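As an added illustration (not the patent's own code; the extended WS-Trust syntax itself is not reproduced), the following Python simulation shows the flow claims 1, 6 and 10 describe: one bundled request, a single credential check at the authentication service, and peers validating each other's short-lived certificate locally without calling back to the service. The issuer key, credential store, token and SLC lifetimes, and HMAC as a stand-in for the authority's signature are constructed assumptions.

```python
# Simulation of a bundled token + short-lived certificate (SLC) exchange.
# HMAC with a constructed issuer key stands in for the authority's signature;
# a real service would sign asymmetrically so peers verify with a public key.
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-issuer-signing-key"   # assumption: simulated CA key
CREDENTIALS = {"alice": "pw-alice", "bob": "pw-bob"}  # constructed credential store
TOKEN_LIFETIME = 3600   # assumption: one hour for the identity token
SLC_LIFETIME = 300      # assumption: five minutes, short-lived by design


def _sign(payload: dict) -> str:
    """Deterministic signature over the canonical JSON form of a payload."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()


def form_bundled_request(client_id: str, credential: str, pubkey: str) -> dict:
    """Client side: one request carrying both the token and the SLC request."""
    return {"client": client_id, "credential": credential,
            "request": ["token", "slc"], "pubkey": pubkey}


def authentication_service(req: dict, now: float) -> dict:
    """Service side: authenticate the client credentials once, answer both parts."""
    if req.get("credential") != CREDENTIALS.get(req.get("client")):
        raise PermissionError("client credentials rejected")
    token = {"sub": req["client"], "aud": "any-service-provider",
             "exp": now + TOKEN_LIFETIME}
    slc = {"sub": req["client"], "pubkey": req["pubkey"],
           "nbf": now, "exp": now + SLC_LIFETIME}
    return {"token": {**token, "sig": _sign(token)},
            "slc": {**slc, "sig": _sign(slc)}}


def verify_slc(slc: dict, now: float) -> bool:
    """Peer side: check issuer signature and validity window, no call to the service."""
    body = {k: v for k, v in slc.items() if k != "sig"}
    if not hmac.compare_digest(_sign(body), slc.get("sig", "")):
        return False
    return body["nbf"] <= now < body["exp"]


def establish_p2p(slc_a: dict, slc_b: dict, now: float) -> bool:
    """Both peers must present a valid, unexpired SLC before the channel is opened."""
    return verify_slc(slc_a, now) and verify_slc(slc_b, now)
```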