Propagation of authentication data in an intermediary service component
First Claim
1. A method comprising:
- receiving, by an intermediary service component, a message from a sender computing system, the message comprising:
  - an assertion including first authentication data, an attester signature of the message, and an attester certificate, the attester signature being a digital signature of a first attester; and
  - second authentication data;
- creating, by the intermediary service component, a first digest based at least on an identifier of the message, the first authentication data, and a system secret;
- after the creating of the first digest, processing, by the intermediary service component, the message;
- after the processing of the message, creating, by the intermediary service component, a new digest based at least on the identifier of the message, the first authentication data, and the system secret;
- determining, by the intermediary service component, whether the first digest conforms to the new digest;
- if it is determined that the first digest conforms to the new digest, creating, by the intermediary service component, a second assertion including the first authentication data, a second attester signature of the processed message and a second attester certificate, the second attester signature being a digital signature of a second attester different than the first attester;
- transmitting, by the intermediary service component, the second assertion and the processed message to a receiver computing system; and
- prior to the processing of the message, performing an authentication action based on the second authentication data, determining whether the attester's signature is valid, and determining whether the attester certificate is trusted.
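The claimed sequence, written out end to end as an added worked example (this is not code from the patent or from any product it covers). It assumes Ed25519 keys standing in for the attester certificates, a map of raw public keys as the trust store, a constructed set of accepted tokens as the "authentication action based on the second authentication data", and HMAC-SHA256 over a netstring-style encoding of the message identifier and the first authentication data as the digest keyed by the system secret. The interesting path is the last call in main: a processing step that rewrites the propagated identity is caught by the before/after digest comparison, so no second assertion is ever issued for it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assertion: the propagated (first) authentication data, an attester signature over id, body and
// that data, and the attester certificate, modelled as a bare Ed25519 key (assumption; real systems carry X.509).
type Assertion struct {
	AuthData  string
	Signature []byte
	Cert      ed25519.PublicKey
}

// Message is what the sender transmits; SecondAuth is the hop-local credential.
type Message struct {
	ID         string
	Body       []byte
	Assertion  Assertion
	SecondAuth string
}

// signedBytes is what an attester signs; netstring-style lengths stop field re-splitting.
func signedBytes(id string, body []byte, auth string) []byte {
	return []byte(fmt.Sprintf("%d:%s%d:%s%d:%s", len(id), id, len(auth), auth, len(body), body))
}

// Sign produces an assertion over (id, body, auth) under the given attester key.
func Sign(priv ed25519.PrivateKey, id string, body []byte, auth string) Assertion {
	sig := ed25519.Sign(priv, signedBytes(id, body, auth))
	return Assertion{AuthData: auth, Signature: sig, Cert: priv.Public().(ed25519.PublicKey)}
}

// VerifyAssertion checks certificate trust, then that the signature covers the message as received.
func VerifyAssertion(trusted map[string]bool, id string, body []byte, a Assertion) error {
	if !trusted[string(a.Cert)] {
		return errors.New("attester certificate not trusted")
	}
	if !ed25519.Verify(a.Cert, signedBytes(id, body, a.AuthData), a.Signature) {
		return errors.New("attester signature invalid")
	}
	return nil
}

type Intermediary struct {
	systemSecret []byte             // key for the before/after digest
	priv         ed25519.PrivateKey // the second attester's key
	Pub          ed25519.PublicKey  // its certificate, for the receiver's trust store
	trustedCerts map[string]bool    // accepted attester certificates, keyed by raw public key
	validSecond  map[string]bool    // accepted second authentication data (constructed stand-in)
}

func NewIntermediary(trusted, validSecond map[string]bool) *Intermediary {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	secret := make([]byte, 32)
	if _, err2 := rand.Read(secret); err != nil || err2 != nil {
		panic("key generation failed")
	}
	return &Intermediary{secret, priv, pub, trusted, validSecond}
}

// digest binds message id and first authentication data to the system secret (HMAC),
// so a processing step that swaps the identity cannot also forge a matching digest.
func (im *Intermediary) digest(id, auth string) []byte {
	m := hmac.New(sha256.New, im.systemSecret)
	m.Write(signedBytes(id, nil, auth))
	return m.Sum(nil)
}

// Forward: authenticate on the second data, verify signature and certificate, digest, process, re-digest, compare, re-sign.
func (im *Intermediary) Forward(msg Message, process func(*Message)) (Message, error) {
	if !im.validSecond[msg.SecondAuth] {
		return Message{}, errors.New("second authentication data rejected")
	}
	if err := VerifyAssertion(im.trustedCerts, msg.ID, msg.Body, msg.Assertion); err != nil {
		return Message{}, err
	}
	before := im.digest(msg.ID, msg.Assertion.AuthData)
	process(&msg) // the untrusted part: plug-ins, transforms, routing logic
	if !hmac.Equal(before, im.digest(msg.ID, msg.Assertion.AuthData)) {
		return Message{}, errors.New("authentication data altered during processing")
	}
	// The second attester signs the processed message; the hop-local SecondAuth is not forwarded.
	return Message{ID: msg.ID, Body: msg.Body, Assertion: Sign(im.priv, msg.ID, msg.Body, msg.Assertion.AuthData)}, nil
}

func main() {
	_, attester, _ := ed25519.GenerateKey(rand.Reader)
	im := NewIntermediary(map[string]bool{string(attester.Public().(ed25519.PublicKey)): true}, map[string]bool{"svc-token-1": true})
	msg := Message{ID: "msg-42", Body: []byte("order 17: ship"), SecondAuth: "svc-token-1"} // constructed sample
	msg.Assertion = Sign(attester, msg.ID, msg.Body, "alice@example.com")
	out, err := im.Forward(msg, func(m *Message) { m.Body = append(m.Body, " [routed]"...) })
	fmt.Println(string(out.Body), out.Assertion.AuthData, err, VerifyAssertion(map[string]bool{string(im.Pub): true}, out.ID, out.Body, out.Assertion))
	_, err = im.Forward(msg, func(m *Message) { m.Assertion.AuthData = "admin@example.com" })
	fmt.Println("identity swap:", err)
}
```

Two points a practitioner should keep in mind. The digest comparison is an internal integrity check on the intermediary's own processing pipeline (plug-ins, transforms, routing): it detects a stage that silently replaces the propagated identity, but it offers nothing against a compromised intermediary, which holds both the system secret and the second attester key. And because the receiver verifies only the second attester's signature, it is trusting the intermediary's re-signature, not the original attester; the receiver's trust store must therefore be curated as carefully as the intermediary's.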
2 Assignments
0 Petitions
Abstract
A system may include a sender computing system, an intermediary service component, and a receiver computing system. The sender computing system may transmit a message and authentication data, and the intermediary service component may receive the message and the authentication data from the sender computing system, process the message, and transmit the authentication data and the processed message. The receiver computing system may receive the authentication data and the processed message.
37 Citations
17 Claims
1. (Independent claim; reproduced in full under First Claim above.) Dependent claims: 2 to 9.
10. A non-transitory medium storing processor-executable program code, the program code comprising:
- code to receive, by an intermediary service component, a message from a sender computing system, the message comprising:
  - an assertion including first authentication data, an attester signature of the message, and an attester certificate, the attester signature being a digital signature of a first attester; and
  - second authentication data;
- code to create, by the intermediary service component, a first digest based at least on an identifier of the message, the first authentication data, and a system secret;
- code to process the message after the creation of the first digest;
- code to, after the processing of the message, create, by the intermediary service component, a new digest based at least on the identifier of the message, the first authentication data, and the system secret;
- code to determine whether the first digest conforms to the new digest;
- code to create, if it is determined that the first digest conforms to the new digest, a second assertion including the first authentication data, a second attester signature of the processed message and a second attester certificate, the second attester signature being a digital signature of a second attester different than the first attester;
- code to transmit the second assertion and the processed message to a receiver computing system; and
- code to, prior to the processing of the message, perform an authentication action based on the second authentication data, determine whether the attester signature is valid and determine whether the attester certificate is trusted.
Dependent claims: 11 to 13.
14. A system comprising:
- a sender computing system to transmit a message, the sender computing system including a memory to store program code, the message comprising:
  - an assertion including first authentication data, an attester signature of the message, and an attester certificate, the attester signature being a digital signature of a first attester; and
  - second authentication data;
- an intermediary service component including a processor to execute program code, the intermediary service component to receive the message from the sender computing system and further to:
  - create a first digest based at least on an identifier of the message, the first authentication data, and a system secret;
  - process the message after the creation of the first digest;
  - after the processing of the message, create a new digest based at least on the identifier of the message, the first authentication data, and the system secret;
  - determine whether the first digest conforms to the new digest;
  - create, if it is determined that the first digest conforms to the new digest, a second assertion including the first authentication data, a second attester signature of the processed message and a second attester certificate, the second attester signature being a digital signature of a second attester different than the first attester;
  - transmit the second assertion and the processed message; and
  - prior to processing of the message, perform an authentication action based on the second authentication data, determine whether the attester signature is valid and determine whether the attester certificate is trusted; and
- a receiver computing system to receive the second assertion and the processed message.
Dependent claims: 15 to 17.