
Method and apparatus for providing authentication and encryption services by a software as a service platform

  • US 8,321,921 B1
  • Filed: 01/31/2011
  • Issued: 11/27/2012
  • Est. Priority Date: 12/21/2007
  • Status: Active Grant
First Claim

1. A services hosting platform providing a host infrastructure that is sharable by multiple tenants and that hosts a plurality of services, the services hosting platform comprising:

  • an authentication server, implemented using at least a first processor of the services hosting platform, for generating and processing tokens associated with clients and services, wherein the authentication server:

    receives a request from a client of a tenant for a first service from among the plurality of services provided by the services hosting platform, the request including a credential of the client; and

    determines, responsive to the credential of the client, whether the client is authorized for the first service;

    if it is determined that the client is authorized for the first service, forwards a token for the client that enables the client to open a session for the first service with the services hosting platform; and

  • an application server, implemented using at least a second processor of the services hosting platform, for providing a version of the first service to the client of the tenant, wherein access to the version of the first service is permitted following authentication of the client by the authentication server, wherein, after authentication of the client by the authentication server, the application server:

    wraps the token of the client with a host specific platform identifier for the first service to provide a platform security token;

    invokes a security service via a security service handler that uses the platform security token to verify that the client has credentials to perform the first service on the services hosting platform, and selectively performs the first service for the client responsive to the security service indicating that the client has sufficient credentials for receiving the first service, wherein the security service is included among the plurality of services provided by the services hosting platform; and

    after receiving an indication from the security service that the client has sufficient credentials for receiving the first service, the application server invokes at least one additional service via an additional service handler from among the plurality of services provided by the services hosting platform, wherein the at least one additional service augments the first service and is selectively invoked, by the application server via the additional service handler, transparently to the client in accordance with needs of the first service, the augmenting of the first service by the at least one additional service being a services extension pipeline that augments functions of the first service, using the at least one additional service, transparently to the client.
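
The token flow recited in claim 1, as an added illustration that is not taken from the patent: an authentication server issues a token, the application server wraps it with a platform identifier, and a security service checks the result before any extension services run. The claim does not say how the token is wrapped; the HMAC-SHA256 binding, the `|` delimiter, the keys, the grants table and all function names here are assumptions.

```python
import base64, hashlib, hmac, json, time
# All keys, identifiers and grants below are constructed for this example.
AUTH_KEY = b"constructed-auth-server-key"    # authentication server signing key
PLATFORM_KEY = b"constructed-platform-key"   # shared by app server and security service
PLATFORM_ID = "host-a/billing"               # host specific platform identifier
GRANTS = {("acme", "alice", "s3cret"): {"billing"}}  # (tenant, client, credential) -> services

def _mac(key, data):
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()
def _eq(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time comparison

def issue_token(tenant, client, credential, service, now=None):
    """Authentication server: issue a token only if the credential authorizes the service."""
    if service not in GRANTS.get((tenant, client, credential), set()):
        return None
    claims = {"tenant": tenant, "client": client, "service": service,
              "exp": int(time.time() if now is None else now) + 300}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return body + "." + _mac(AUTH_KEY, body)

def wrap_token(token, platform_id):
    """Application server: bind the client token to the platform identifier."""
    inner = f"{platform_id}|{token}"
    return inner + "|" + _mac(PLATFORM_KEY, inner)

def security_service(pst, service, platform_id, now=None):
    """Security service: check wrapper, inner token, service scope and expiry."""
    try:
        pid, token, tag = pst.split("|")
        body, sig = token.split(".")
    except ValueError:
        return False
    if pid != platform_id or not _eq(tag, _mac(PLATFORM_KEY, f"{pid}|{token}")):
        return False
    if not _eq(sig, _mac(AUTH_KEY, body)):
        return False
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["service"] == service and claims["exp"] > (time.time() if now is None else now)

def app_server(token, service, extensions=()):
    """Application server: perform the service only after the security service approves."""
    pst = wrap_token(token or "", PLATFORM_ID)
    if not security_service(pst, service, PLATFORM_ID):
        return None
    result = f"{service}:ok"
    for extend in extensions:  # additional services, applied without client involvement
        result = extend(result)
    return result
```

Because the wrapper MAC covers the platform identifier, a platform security token built for one host identifier is rejected when presented under another, and a client token scoped to one service cannot be replayed for a different one.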

  • 9 Assignments