Virtual requests

US 9,313,191 B1
Filed: 02/14/2014
Issued: 04/12/2016
Est. Priority Date: 03/12/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

constructing, by a computer system, a virtual request that includes a time-dependent request component, a service-dependent request component, and an action-dependent request component;

applying, by the computer system, keying material to the virtual request to produce a virtual request signature;

forming a claim based at least in part on a principal identity and the virtual request signature;

receiving, from a servicer computer different from the computer system, a client request, according to a first protocol, to reconstruct the virtual request with the time-dependent request component, the service-dependent request component, and the action-dependent request component; and

sending the client request, as part of an application programming interface call that is based at least in part on the virtual request, to a first service according to a second protocol.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/or authentication service to translate the virtual request components over the first protocol to one or more second requests using the second protocol. Virtual request components may also prove the authenticity of the virtual request received by the servicer to an authentication service. If virtual request is valid, the authentication service may issue a credential to the servicer to send the one or more second requests to an independent service. Virtual requests may be included in various protocols, including credential-based protocols and certificate exchange-based protocols.

Citations

17 Claims

1. A computer-implemented method, comprising:
- constructing, by a computer system, a virtual request that includes a time-dependent request component, a service-dependent request component, and an action-dependent request component;
  
  applying, by the computer system, keying material to the virtual request to produce a virtual request signature;
  
  forming a claim based at least in part on a principal identity and the virtual request signature;
  
  receiving, from a servicer computer different from the computer system, a client request, according to a first protocol, to reconstruct the virtual request with the time-dependent request component, the service-dependent request component, and the action-dependent request component; and
  
  sending the client request, as part of an application programming interface call that is based at least in part on the virtual request, to a first service according to a second protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, wherein the claim includes a username and a password received through an authentication protocol.
  - 3. The computer-implemented method of claim 2, wherein at least one of the username or the password encodes a request parameter, and wherein the client request includes the request parameter.
  - 4. The computer-implemented method of claim 3, further comprising calculating the virtual request signature using a representation of the password.
  - 5. The computer-implemented method of claim 1, wherein the first protocol and the second protocol are different versions of the same protocol.
  - 6. The computer-implemented method of claim 1, wherein the first protocol and the second protocol are different protocols.
  - 7. The computer-implemented method of claim 1, wherein the virtual request is encoded in a universal resource identifier.
  - 8. The computer-implemented method of claim 1, wherein the first service forms part of a program execution service.

9. A non-transitory computer-readable storage medium having collectively stored thereon executable instructions that, when executed by a processor of a computer system, cause the computer system to perform operations comprising:
- constructing a virtual request, the request including a time-dependent request component, a service-dependent request components and an action-dependent request component;
  
  applying keying material to the virtual request to produce a virtual request signature;
  
  forming a claim based at least in part on a principal identity and the virtual request signature;
  
  receiving from a servicer that is different from the computer system, a client request, according to a first protocol, to reconstruct the virtual request with the time-dependent request component, the service-dependent request component and the action-dependent request component; and
  
  sending the client request, as part of an application programming interface call that is based at least in part on the virtual request, to a first service according to a second protocol.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The non-transitory computer-readable storage medium of claim 9, wherein the first service forms part of a program execution service.
  - 11. The non-transitory computer-readable storage medium of claim 9, wherein the claim includes a username and a password received through an authentication protocol.
  - 12. The non-transitory computer-readable storage medium of claim 11, wherein at least one of the username or the password encodes a request parameter, and wherein the client request includes the request parameter.
  - 13. The non-transitory computer-readable storage medium of claim 12, further comprising calculating the virtual request signature using a representation of the password.

14. A computer system, comprising:
- a processor; and
  
  memory, including instructions executable by the processor to cause the computer system to at least;
  
  construct a virtual request, the request including a time-dependent request component, a service-dependent request component and an action-dependent request component;
  
  apply keying material to the virtual request to produce a virtual request signature;
  
  form a claim based at least in part on a principal identity and the virtual request signature;
  
  receive from a servicer that is different from the computer system, a client request, according to a first protocol, to reconstruct the virtual request with the time-dependent request component, the service-dependent request component and the action-dependent request component; and
  
  send the client request, as part of an application programming interface call that is based at least in part on the virtual request, to a first service according to a second protocol.
- View Dependent Claims (15, 16, 17)
- - 15. The computer system of claim 14, wherein the instructions are executable by the processor to further cause the computer system to at least determine if the virtual request has expired based at least in part on the time-based component.
  - 16. The computer system of claim 14, wherein the virtual request signature is computed using a private key of an asymmetric cryptographic system.
  - 17. The computer system of claim 14, wherein the instructions are executable by the processor to further cause the computer system to at least receive an issued credential that includes a limited scope, the limited scope based at least in part on the virtual request signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Allen, Nicholas Alexander, Roth, Gregory Branchek, Dykhno, Elena
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US14/181,078
Time in Patent Office

788 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 67/565 Conversion or adaptation of...

Virtual requests

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual requests

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links