Multiple security token transactions
First Claim
1. One or more computer-readable storage media, wherein the computer-readable storage media exclude propagating carrier waves, the computer-readable storage media storing computer-executable instructions that, when executed, cause one or more processors to perform operations for transferring a plurality of security tokens comprising:
- receiving a request from at least one client for communication by an authentication service requesting the plurality of security tokens, each security token configured to prove an identity of the at least one client at a respective service provider, the request configured according to a web service trust protocol that is extended with syntax to support a multiple security token transaction and to enable inclusion of multiple error nodes in a response to the request by separately handling authentication errors for each security token of the plurality of security tokens, each of the multiple error nodes indicating an authorization state and a request state associated with a respective security token of the plurality of security tokens;
- generating the plurality of security tokens by the authentication service;
- sending the plurality of security tokens to the at least one client via a single transaction between the authentication service and the at least one client, the plurality of security tokens comprising an authentication token configured to prove the identity of the at least one client at the authentication service;
- receiving the authentication token by the authentication service to prove the identity of the at least one client to provide one or more other security tokens;
- confirming the identity of the at least one client based on the authentication token;
- determining one or more service providers that the at least one client is authorized to access, the one or more service providers configured to provide a suite of resources based on the identity of the at least one client; and
- generating the one or more other security tokens, each of the one or more other security tokens configured to prove identity of the at least one client at the one or more service providers.
Abstract
Embodiments of multiple security token transactions are described herein. One or more of the described techniques may be utilized to provide, in a single request and response, an authentication token and a plurality of security tokens for proof of identity at respective service providers.
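The flow summarized in the abstract and claim 1, as an added Python sketch that is not taken from the patent or from any real WS-Trust implementation: one request returns an authentication token plus one node per requested service, and a failure for one service becomes an error node instead of failing the whole response. The HMAC token format, the key, the user and ACL data, and the state names are all constructed assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed demo data (assumptions, not from the patent).
KEY = b"constructed-demo-key"
USERS = {"alice": "correct horse"}          # a real service stores password hashes
ACL = {"alice": {"mail", "calendar"}}       # providers each user may access
PROVIDERS = {"mail", "calendar", "billing"}
AUTH_AUD = "auth-service"                   # audience of the authentication token

def mint(subject, audience, ttl=300):
    body = json.dumps({"sub": subject, "aud": audience, "exp": time.time() + ttl}).encode()
    sig = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(body).decode() + "." + sig

def verify(token, audience):
    """Return the subject if the token is authentic, unexpired and bound to audience."""
    try:
        b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(b64)
    except ValueError:
        return None
    good = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), good.encode()):
        return None
    claims = json.loads(body)
    fresh = claims["aud"] == audience and claims["exp"] > time.time()
    return claims["sub"] if fresh else None

def issue(targets, user=None, password=None, auth_token=None):
    """Single request, single response: one token or error node per target."""
    if auth_token is not None:              # later request: no credentials resent
        subject = verify(auth_token, AUTH_AUD)
    else:
        known = USERS.get(user, "").encode()
        ok = user in USERS and hmac.compare_digest(known, (password or "").encode())
        subject = user if ok else None
    if subject is None:
        return {"authenticated": False, "nodes": {}}
    resp = {"authenticated": True, "nodes": {}}
    if auth_token is None:                  # credential login also returns the auth token
        resp["auth_token"] = mint(subject, AUTH_AUD)
    for t in targets:                       # errors are handled separately per token
        if t not in PROVIDERS:
            node = {"error": {"authorization": "not_evaluated", "request": "unknown_target"}}
        elif t not in ACL.get(subject, set()):
            node = {"error": {"authorization": "denied", "request": "completed"}}
        else:
            node = {"token": mint(subject, t)}
        resp["nodes"][t] = node
    return resp
```

Binding each token to an audience is what keeps a service token presented at one provider from being accepted by the authentication service in place of the authentication token.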
12 Claims
6. A method of transferring a plurality of security tokens comprising:
- receiving, at an authentication server comprising a processor and a computer-readable storage media to store instructions that are executable by the processor, a single request from a client over a network seeking the plurality of security tokens, the plurality of security tokens comprising one or more service tokens;
- determining one or more resources of the at least one service provider that the client is authorized to access, each of the one or more service tokens configured to be provided to at least one service provider as proof of the client's identity to access the one or more resources of the at least one service provider;
- communicating to the client, in response to the single request, the plurality of security tokens, the plurality of security tokens comprising at least one authentication token configured to be provided to the authentication server as proof of the client's identity to receive another service token;
- receiving at the authentication server the at least one authentication token with a second request for the another service token, the another service token configured to be provided to another service provider as proof of the client's identity to access resources of the another service provider;
- confirming proof of the client's identity with the at least one authentication token;
- providing to the client the another service token; and
- forming a response to the single request, the response compliant with a web service trust protocol that is extended with syntax to enable inclusion of multiple error nodes in the response, each of the multiple error nodes providing an authorization state and a request state associated with a corresponding security token of the one or more service tokens.
11. One or more computer-readable storage media, wherein the computer-readable storage media exclude propagating carrier waves, the computer-readable storage media storing computer-executable instructions that, when executed, cause one or more processors to perform operations for transferring a plurality of security tokens comprising:
- communicating to an authentication service a request having credentials to authenticate a client and requesting the plurality of security tokens, the authentication service to determine a plurality of resources that the client is authorized to access, the request configured according to a web service trust protocol that is extended to support a multiple security token transaction and to separately handle authentication errors for each security token requested in the multiple security token transaction by embedding an error node in a response to the request, each error node indicating an authorization state and a request state associated with each security token of the plurality of security tokens;
- sending, in the response to the request, the plurality of security tokens comprising an authentication token and one or more service tokens, each of the one or more service tokens corresponding to a respective service provider;
- accepting the authentication token as proof of identity by the authentication server without submitting user credentials to obtain at least one other service token corresponding to another service provider;
- confirming the proof of identity based on the authentication token;
- sending the at least one other service token to the client; and
- providing without submitting user credentials the one or more service tokens or the at least one service token to the respective service provider or the another service provider as proof of identity to access one or more resources from the plurality of resources, the one or more resources associated with the respective service provider or the another service provider.
Specification