Propagation of principal authentication data in a mediated communication scenario
First Claim
1. A method comprising:
- receiving, by an intermediary component that includes a processor to execute program code, a message including first authentication data and second authentication data from a sender computing system, the first authentication data being associated with a first user, the second authentication data being associated with a second user different than the first user;
- performing, by the intermediary component, an authentication action based on the second authentication data received from the sender computing system;
- mapping, by the intermediary component, the first authentication data that is from the sender computing system and associated with the first user to third authentication data that is associated with the first user but different from the first authentication data;
- creating an assertion including the third authentication data and an attester certificate; and
- transmitting, by the intermediary component, the assertion to a receiver computing system after performing the authentication action and without transmitting the second authentication data to the receiver computing system;
- wherein the transmitting the assertion to a receiver computing system comprises: transmitting the assertion to a receiver computing system configured to use the third authentication data to log the first user into the receiver computing system.
Abstract
A system may include a sender computing system, an intermediary component, and a receiver computing system. The sender computing system may transmit first authentication data and second authentication data, and the intermediary component may receive the first authentication data and second authentication data from the sender computing system, perform an authentication action based on the second authentication data, and transmit the first authentication data. The receiver computing system may receive the first authentication data.
22 Claims
9. A non-transitory medium storing processor-executable program code, the program code comprising:
- code to receive, by an intermediary component, a message including first authentication data and second authentication data from a sender computing system, the first authentication data being associated with a first user, the second authentication data being associated with a second user different than the first user;
- code to perform, by the intermediary component, an authentication action based on the second authentication data received from the sender computing system;
- code to map, by the intermediary component, the first authentication data that is from the sender computing system and associated with the first user to third authentication data that is associated with the first user but different from the first authentication data;
- code to create an assertion including the third authentication data and an attester certificate; and
- code to transmit, by the intermediary component, the assertion to a receiver computing system after performance of the authentication action and without transmission of the second authentication data to the receiver computing system;
- wherein the code to transmit the assertion to a receiver computing system comprises: code to transmit the assertion to a receiver computing system configured to use the third authentication data to log the first user into the receiver computing system.
(Dependent claims 10, 11, 12, 13, 14, 15.)
16. A system comprising:
- a sender computing system to transmit a message including first authentication data and second authentication data, the first authentication data being associated with a first user, the second authentication data being associated with a second user different than the first user;
- an intermediary component to execute program code to receive the message including the first authentication data and second authentication data from the sender computing system, to perform an authentication action based on the second authentication data, to map the first authentication data that is from the sender computing system and associated with the first user to third authentication data that is associated with the first user but different from the first authentication data, to create an assertion including the third authentication data, an attester's signature and an attester certificate, and to transmit the assertion after performance of the authentication action and without transmission of the second authentication data; and
- a receiver computing system to receive the assertion transmitted by the intermediary component without transmission of the second authentication data and to use the third authentication data to log the first user into the receiver computing system.
(Dependent claims 17, 18, 19, 20, 21, 22.)
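The claims above describe an intermediary that authenticates the sender system on the second authentication data, maps the first user's sender-side identity to a receiver-side identity, and forwards an attested assertion that never carries the sender's credential. The following Python sketch is an added illustration, not code from the patent; it stands in for the attester's signature and certificate with an HMAC key and a constructed certificate record (a real deployment would use an asymmetric signature whose public key the certificate carries), and every name and sample value is constructed.

```python
import hashlib
import hmac
import json

# Constructed sample data: the sender system's own credential (second authentication
# data), the intermediary's attester key, and its identity mapping for the first user.
SENDER_SECRET = "constructed-sender-secret"           # shared by sender and intermediary
ATTESTER_KEY = b"constructed-attester-signing-key"    # stand-in for the attester's signing key
ATTESTER_CERT = {"attester": "intermediary.example", "key_id": "attester-key-1"}
IDENTITY_MAP = {"alice@sender.example": "receiver-uid-1042"}  # first auth data -> third auth data

MESSAGE = {  # constructed message from the sender computing system
    "first_auth": {"user": "alice@sender.example"},
    "second_auth": {"system": "sender.example", "secret": SENDER_SECRET},
}

def authenticate_sender(second_auth):
    """Authentication action on the second authentication data (the sender system's credential)."""
    return hmac.compare_digest(second_auth.get("secret", ""), SENDER_SECRET)

def map_identity(first_auth):
    """Map the first user's sender-side identity to the receiver-side identity, or None if unknown."""
    return IDENTITY_MAP.get(first_auth.get("user"))

def sign(payload):
    """Attester's signature over a canonical serialisation of the assertion payload."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ATTESTER_KEY, canonical, hashlib.sha256).hexdigest()

def intermediary_handle(message):
    """Return the assertion to forward, or None if sender authentication or the mapping fails."""
    if not authenticate_sender(message["second_auth"]):
        return None
    third_auth = map_identity(message["first_auth"])
    if third_auth is None:
        return None
    payload = {"subject": third_auth, "attester_cert": ATTESTER_CERT}  # no second_auth here
    return {"payload": payload, "signature": sign(payload)}

def receiver_login(assertion):
    """Receiver checks the attester certificate and signature, then returns the user to log in."""
    payload = assertion["payload"]
    if payload.get("attester_cert", {}).get("key_id") != ATTESTER_CERT["key_id"]:
        return None
    if not hmac.compare_digest(sign(payload), assertion["signature"]):
        return None
    return payload["subject"]

def assertion_contains(assertion, needle):
    """Check (e.g. in a test) whether a secret leaked into the serialised assertion."""
    return needle in json.dumps(assertion, sort_keys=True)
```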