System and method for pool-based identity authentication for service access without use of stored credentials
First Claim
1. A method comprising:
receiving, by a service provider from a service consumer, a request to access a service;
checking configuration restrictions associated with the requested service to determine one of various ways to respond to the request, the configuration restrictions including authentication restrictions associated with the requested service;
providing, by the service provider, an immediate response to grant access to the service consumer for the requested service if the configuration restrictions indicate no authentication restrictions and the requested service is authorized by an authorization service;
generating a response to grant access to the service consumer for the requested service if the configuration restrictions indicate there is some level of authentication restrictions associated with the requested service, generating the response further comprising:
sending, from the service provider to an authentication authority, a request to authenticate the requested service and the service consumer; and
receiving, by the service provider from the authentication authority, validation of the requested service, the validation being based on provisioning information representing real-time deployment configuration information managed by a secure provisioning system for managing deployment of services, such that the requested service is deployed without involving a key deployment step that uses at least one of stored credentials and a password entry, or a combination thereof;
receiving, by the service provider from an authorization service, authorization of the requested service for the service consumer; and
providing, by the service provider to the service consumer, the response to grant access to the service consumer for the requested service in response to the validation and the authorization of the requested service.
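The decision flow recited in the claim above, modelled in Python as an added example; this is not code from the patent or its assignee. It assumes one reading of "pool-based identity": a consumer's identifying information is the host it runs on and the pool that host was deployed into, and the authentication authority treats the request as authentic when that pair matches the provisioning system's current deployment record, so no password or stored credential is presented. Service names, pool names, hosts and the fail-closed default for services with no configured restriction are invented for illustration.

```python
"""Added example of the claimed access flow. Hosts, pools, services and the
fail-closed default are assumptions of this example, not taken from the patent."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class AuthLevel(Enum):
    NONE = "none"          # no authentication restriction: authorization check only
    REQUIRED = "required"  # authenticate against provisioning data, then authorize


@dataclass(frozen=True)
class ServiceRequest:
    service: str
    consumer_host: str  # requestor identifying information (assumed: deployed host id)
    consumer_pool: str  # requestor identifying information (assumed: claimed pool)


@dataclass(frozen=True)
class Decision:
    granted: bool
    reason: str


class ProvisioningRepository:
    """Real-time deployment configuration kept by the secure provisioning system:
    which pool each host is currently deployed into. No consumer secrets live here."""

    def __init__(self) -> None:
        self._deployments: dict[str, str] = {}

    def deploy(self, host: str, pool: str) -> None:
        self._deployments[host] = pool

    def decommission(self, host: str) -> None:
        self._deployments.pop(host, None)

    def current_pool(self, host: str) -> str | None:
        return self._deployments.get(host)


class AuthenticationAuthority:
    """Authentic iff the identified host is currently deployed in the claimed pool."""

    def __init__(self, repo: ProvisioningRepository) -> None:
        self._repo = repo

    def validate(self, req: ServiceRequest) -> bool:
        return self._repo.current_pool(req.consumer_host) == req.consumer_pool


class AuthorizationService:
    """Policy mapping each service to the pools allowed to consume it (constructed)."""

    def __init__(self, policy: dict[str, set[str]]) -> None:
        self._policy = policy

    def authorize(self, req: ServiceRequest) -> bool:
        return req.consumer_pool in self._policy.get(req.service, set())


class ServiceProvider:
    def __init__(self, restrictions: dict[str, AuthLevel],
                 authn: AuthenticationAuthority, authz: AuthorizationService) -> None:
        self._restrictions = restrictions
        self._authn = authn
        self._authz = authz

    def handle(self, req: ServiceRequest) -> Decision:
        # Services with no configured restriction default to REQUIRED (fail closed).
        # That default is a choice of this example; the claims do not specify it.
        level = self._restrictions.get(req.service, AuthLevel.REQUIRED)
        if level is AuthLevel.NONE:
            # Immediate response path: no authentication step, authorization only.
            if self._authz.authorize(req):
                return Decision(True, "granted without authentication")
            return Decision(False, "not authorized")
        if not self._authn.validate(req):
            return Decision(False, "not authenticated by provisioning record")
        if not self._authz.authorize(req):
            return Decision(False, "not authorized")
        return Decision(True, "granted after authentication and authorization")


def run_scenario() -> dict[str, Decision]:
    """Constructed scenario: two pools, two services, one host decommissioned mid-way."""
    repo = ProvisioningRepository()
    repo.deploy("web-01", "web-pool")
    repo.deploy("batch-01", "batch-pool")
    authz = AuthorizationService({"inventory-api": {"web-pool"},
                                  "public-status": {"web-pool", "batch-pool"}})
    sp = ServiceProvider({"inventory-api": AuthLevel.REQUIRED,
                          "public-status": AuthLevel.NONE},
                         AuthenticationAuthority(repo), authz)
    results = {
        "web_inventory": sp.handle(ServiceRequest("inventory-api", "web-01", "web-pool")),
        "batch_inventory": sp.handle(ServiceRequest("inventory-api", "batch-01", "batch-pool")),
        "spoofed_pool": sp.handle(ServiceRequest("inventory-api", "batch-01", "web-pool")),
        "status_unauthenticated": sp.handle(ServiceRequest("public-status", "rogue-99", "batch-pool")),
        "unknown_service": sp.handle(ServiceRequest("reporting", "web-01", "web-pool")),
    }
    repo.decommission("web-01")  # provisioning change is visible to the authority at once
    results["web_inventory_after_decommission"] = sp.handle(
        ServiceRequest("inventory-api", "web-01", "web-pool"))
    return results


if __name__ == "__main__":
    for name, d in run_scenario().items():
        print(f"{name:34} {'GRANT' if d.granted else 'DENY':5} {d.reason}")
```

Two points the scenario makes visible. First, because validation reads the live deployment record, decommissioning `web-01` revokes its access immediately with no credential to rotate or revoke. Second, on the no-authentication path the claim has the provider authorize on requestor information that nobody has verified (`rogue-99` is not in the repository, yet is granted `public-status`), so that configuration is only suitable for services where the authorization decision does not depend on who the consumer really is.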
Abstract
A computer-implemented system and method for pool-based identity authentication for service access without use of stored credentials is disclosed. The method in an example embodiment includes providing provisioning information for storage in a provisioning repository; receiving a service request from a service consumer, the service request including requestor identifying information; generating an authentication request to send to an authentication authority, the authentication request including requestor identifying information; receiving validation of an authenticated service request from the authentication authority; and providing the requested service to the service consumer.
16 Claims
1. A method comprising: the steps set out under First Claim above. Dependent claims: 2 to 9.
10. A system comprising:
a memory device for storing instructions; and
a processor, which, when executing the instructions, causes the system to perform operations comprising:
receiving, by a service provider from a service consumer, a request to access a service;
checking configuration restrictions associated with the requested service to determine one of various ways to respond to the request, the configuration restrictions including authentication restrictions associated with the requested service;
providing, by the service provider, an immediate response to grant access to the service consumer for the requested service if the configuration restrictions indicate no authentication restrictions and the requested service is authorized by an authorization service;
generating a response to grant access to the service consumer for the requested service if the configuration restrictions indicate there is some level of authentication restrictions associated with the requested service, generating the response further comprising:
sending, from the service provider to an authentication authority, a request to authenticate the requested service and the service consumer; and
receiving, by the service provider from the authentication authority, validation of the requested service, the validation being based on provisioning information representing real-time deployment configuration information managed by a secure provisioning system for managing deployment of services, such that the requested service is deployed without involving a key deployment step that uses at least one of stored credentials and a password entry, or a combination thereof;
receiving, by the service provider from an authorization service, authorization of the requested service for the service consumer; and
providing, by the service provider to the service consumer, the response to grant access to the service consumer for the requested service in response to the validation and the authorization of the requested service.
Dependent claims: 11 to 15.
16. A computer-readable non-transitory storage medium storing at least one program configured for execution by a computer, the at least one program comprising instructions to:
receive, by a service provider from a service consumer, a request to access a service;
check configuration restrictions associated with the requested service to determine one of various ways to respond to the request, the configuration restrictions including authentication restrictions associated with the requested service;
provide, by the service provider, an immediate response to grant access to the service consumer for the requested service if the configuration restrictions indicate no authentication restrictions and the requested service is authorized by an authorization service;
generate a response to grant access to the service consumer for the requested service if the configuration restrictions indicate there is some level of authentication restrictions associated with the requested service, generating the response further comprising instructions to:
send, from the service provider to an authentication authority, a request to authenticate the requested service and the service consumer; and
receive, by the service provider from the authentication authority, validation of the requested service, the validation being based on provisioning information representing real-time deployment configuration information managed by a secure provisioning system for managing deployment of services, such that the requested service is deployed without involving a key deployment step that uses at least one of stored credentials and a password entry, or a combination thereof;
receive, by the service provider from an authorization service, authorization of the requested service for the service consumer; and
provide, by the service provider to the service consumer, the response to grant access to the service consumer for the requested service in response to the validation and the authorization of the requested service.
Specification