Actively federated mobile authentication
Abstract
To make a trusted web service call, a client application sends a series of messages to obtain tokens that allow service requests to pass through a service relay. The user obtains a first security token by providing the user's credentials. A second token is obtained from a trust broker that validates the first token. Both tokens are then sent with a service request to a service relay. The service relay validates the second token and then passes the first token and the service request to a connector service. The connector service validates the first token and passes the service request to a target back end service. The connector service acts as the user when communicating with the back end service. Service responses are routed back to the user through the connector service and the service relay.
17 Claims
1. A method for making web service calls to a service on an enterprise network from a mobile device, comprising:
- providing user credentials to an identity provider to obtain a first security token, the identity provider having an established trust relationship with a trust broker and with an enterprise service, and the first security token configured to provide authentication for service requests received at the enterprise service;
- providing a copy of the first security token to the trust broker, the trust broker having an established trust relationship with the service relay;
- receiving a second security token from the trust broker in response to providing the copy of the first security token, the second security token configured to provide authentication to the service relay using an additional form of authentication that is different than the first security token;
- sending a service request to the service relay, the service request comprising both the first security token and the second security token, wherein the second security token provides authentication to the service relay and provides permission for the service relay to forward the service request and the first security token to the enterprise service; and
- receiving a service response from the service relay in response to the enterprise service authenticating the mobile device using the first security token.
Dependent claims: 2, 3, 4, 5, 6.

7. A mobile device for making web service calls to an enterprise service via a service relay, comprising:
- one or more processors;
- a memory coupled to the one or more processors, the memory storing one or more instructions executable by the one or more processors to cause the mobile device to:
- provide user credentials to an identity provider to obtain a first security token, the identity provider having an established trust relationship with a trust broker and with an enterprise service, and the first security token configured to provide authentication for service requests received at the enterprise service;
- provide a copy of the first security token to the trust broker, the trust broker having an established trust relationship with the service relay;
- receive a second security token from the trust broker in response to providing the copy of the first security token, the second security token configured to provide authentication to the service relay using an additional form of authentication that is different than the first security token;
- send a service request to the service relay, the service request comprising both the first security token and the second security token, wherein the second security token provides authentication to the service relay and provides permission for the service relay to forward the service request and the first security token to the enterprise service; and
- receive a service response from the service relay in response to the enterprise service authenticating the mobile device using the first security token.
Dependent claims: 8, 9, 10, 11, 12.

13. A memory device having program instructions stored thereon that, upon execution by a mobile device, cause the mobile device to:
- provide user credentials to an identity provider to obtain a first security token, the identity provider having an established trust relationship with a trust broker and with an enterprise service, and the first security token configured to provide authentication for service requests received at the enterprise service;
- provide the first security token to the trust broker, the trust broker having an established trust relationship with the service relay;
- receive a second security token from the trust broker in response to providing the copy of the first security token, the second security token configured to provide authentication to the service relay using an additional form of authentication that is different than the first security token;
- send a service request to the service relay, the service request comprising both the first security token and the second security token, wherein the second security token provides authentication to the service relay and provides permission for the service relay to forward the service request and the first security token to the enterprise service; and
- receive a service response from the service relay in response to the enterprise service authenticating the mobile device using the first security token.
Dependent claims: 14, 15, 16, 17.
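The token flow described in the abstract and restated in the independent claims (identity provider issues the first token, trust broker validates it and issues the second, the relay checks only the second and forwards the first to the connector, the connector checks the first and acts as the user toward the back end), worked through as an added simulation. This is example code written for this page, not code from the patent. It assumes HMAC-SHA256 tokens of the form base64(claims).base64(mac), the party names, shared keys, sample user and request shape shown, and in-process function calls where a real deployment would make HTTPS requests; none of those details come from the patent text.

```python
"""Constructed simulation of the two-token flow: IdP -> trust broker -> relay -> connector -> back end.
All keys, names, the user store and the token format are assumptions for this example,
not details taken from the patent."""
import base64
import hashlib
import hmac
import json
import time

IDP_KEY = b"idp-signing-key"        # assumed: held by the IdP and by the parties that trust it (broker, connector)
BROKER_KEY = b"broker-signing-key"  # assumed: held by the trust broker and by the service relay
USERS = {"alice": "correct horse battery staple"}  # constructed credential store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key: bytes, issuer: str, subject: str, audience: str, ttl: int = 300) -> str:
    """Mint a token whose audience names the single party that should accept it."""
    claims = {"iss": issuer, "sub": subject, "aud": audience, "exp": int(time.time()) + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    return _b64(body) + "." + _b64(hmac.new(key, body, hashlib.sha256).digest())

def verify_token(token: str, key: bytes, issuer: str, audience: str) -> dict:
    """Fail closed on signature, issuer, audience or expiry; return the claims otherwise."""
    try:
        body_b64, sig_b64 = token.split(".")
    except ValueError:
        raise PermissionError("malformed token") from None
    body = _unb64(body_b64)
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig_b64)):
        raise PermissionError("bad signature")
    claims = json.loads(body)
    if claims.get("iss") != issuer:
        raise PermissionError("unexpected issuer")
    if claims.get("aud") != audience:
        raise PermissionError("token not issued for this party")  # blocks relay/enterprise token swaps
    if claims.get("exp", 0) < time.time():
        raise PermissionError("token expired")
    return claims

def identity_provider(username: str, password: str) -> str:
    """Message 1: credentials in, first security token (audience: enterprise service) out."""
    if USERS.get(username) != password:
        raise PermissionError("bad credentials")
    return issue_token(IDP_KEY, "idp", username, "enterprise-service")

def trust_broker(first_token: str) -> str:
    """Message 2: validate the first token, issue the second one scoped to the relay."""
    claims = verify_token(first_token, IDP_KEY, "idp", "enterprise-service")
    return issue_token(BROKER_KEY, "trust-broker", claims["sub"], "service-relay")

def backend_service(user: str, request: dict) -> dict:
    """Target back-end service; sees the user identity the connector asserts on the user's behalf."""
    return {"user": user, "result": f"{request['op']} ok"}

def connector_service(first_token: str, request: dict) -> dict:
    """Validate the first token, then call the back end as that user."""
    claims = verify_token(first_token, IDP_KEY, "idp", "enterprise-service")
    return backend_service(claims["sub"], request)

def service_relay(first_token: str, second_token: str, request: dict) -> dict:
    """Message 3: the relay checks only the broker token and forwards the IdP token untouched."""
    verify_token(second_token, BROKER_KEY, "trust-broker", "service-relay")
    return connector_service(first_token, request)

def client_call(username: str, password: str, request: dict) -> dict:
    """The mobile client's full sequence from the abstract."""
    first = identity_provider(username, password)
    second = trust_broker(first)
    return service_relay(first, second, request)

def is_rejected(call, *args) -> bool:
    """True when a hop fails closed with PermissionError."""
    try:
        call(*args)
    except PermissionError:
        return True
    return False

if __name__ == "__main__":
    creds = ("alice", "correct horse battery staple")
    req = {"op": "list-mail"}
    print(client_call(*creds, req))
    t1 = identity_provider(*creds)
    print("IdP token presented as relay token rejected:", is_rejected(service_relay, t1, t1, req))
```

Two properties of the flow are worth checking in the simulation. Each hop validates only the token scoped to it (issuer plus audience), so presenting the first token where the relay expects the second, or the second where the connector expects the first, fails closed; without the audience check a token accepted at one hop could be replayed at another. The relay never holds the identity provider's key, so it cannot forge first tokens, but it does see them in transit: with bearer tokens a compromised relay could replay a captured first token to the connector until it expires, which is why the hop-to-hop channel and short token lifetimes matter. The symmetric HMAC used here also means every verifier of a token can mint one; a deployment would use signatures where verifiers hold only the issuer's public key.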