Security token management service hosting in application server

US 9,407,626 B2
Filed: 09/29/2011
Issued: 08/02/2016
Est. Priority Date: 09/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

executing, by a processing device of an application server, a security token management service to manage disparate token services for a plurality of services provided by the application server to support a set of clients separate from the application server;

receiving, by the processing device executing the security token management service, a request for at least one token service of the disparate token services, the request received from a requesting service of the plurality of services;

validating the request for the at least one token service;

identifying a corresponding token provider for the at least one token service, wherein the corresponding token provider is selected from a plurality of token providers registered with the security token management service;

acquiring at least one token from the corresponding token provider for the at least one token service; and

deploying the at least one token service to the requesting service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for a security token management service hosted in an application server. A set of services and/or associated applications can be served from an application server to one or more clients. The set of services may require one or more token services in order to deliver their intended functionalities, so that for instance an email client may require the use and presentation of a token or other object incorporating user ID, password, or other authentication information for the user to access and retrieve their email messages. Different served applications and/or services may require the installation of various different token types or services, conventionally requiring manually configuration. A centralized security token management service can be installed and configured in the application server itself, which interfaces to requesting services and automatically locates and acquires diverse token types and/or associated token services to support served applications or services.

Citations

18 Claims

1. A method comprising:
- executing, by a processing device of an application server, a security token management service to manage disparate token services for a plurality of services provided by the application server to support a set of clients separate from the application server;
  
  receiving, by the processing device executing the security token management service, a request for at least one token service of the disparate token services, the request received from a requesting service of the plurality of services;
  
  validating the request for the at least one token service;
  
  identifying a corresponding token provider for the at least one token service, wherein the corresponding token provider is selected from a plurality of token providers registered with the security token management service;
  
  acquiring at least one token from the corresponding token provider for the at least one token service; and
  
  deploying the at least one token service to the requesting service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the requesting service comprises at least one application served from the application server to a client in the set of clients.
  - 3. The method of claim 2, wherein the at least one application comprises at least one of a messaging application, an email application, a media application, a database application, a social networking application, or an e-commerce application.
  - 4. The method of claim 3, wherein the security token management service is hosted in the application server.
  - 5. The method of claim 1, wherein the at least one token comprises at least one of a Kerberos token, a security assertion markup language (SAML) assertion, a web services (WS) trust claim, an Open ID token, or a custom token.
  - 6. The method of claim 1, further comprising serving the requesting service to at least one client in the set of clients via a network.
  - 7. The method of claim 6, further comprising monitoring the usage history of the at least one token service by the set of clients.
  - 8. The method of claim 7, further comprising at least one of updating or terminating the at least one token service in view of the usage history.
  - 9. The method of claim 1, wherein the request for at least one token service comprises a request for a plurality of token services.

10. A system comprising:
- a memory;
  
  an interface to a set of clients, the interface communicably coupled to the memory;
  
  a processing device communicably coupled to the memory, the processing device to execute an application server from the memory and to communicate with the set of clients via the interface; and
  
  a security token management service executable from the memory by the processing device as part of the application server, the processing device to;
  
  manage disparate token services for a plurality of services provided by the application server to support the set of clients;
  
  receive a request for at least one token service of the disparate token services, the request received from a requesting service of the plurality of services;
  
  validate the request for the at least one token service;
  
  identify a corresponding token provider for the at least one token, wherein the corresponding token provider is selected from a plurality of token providers registered with the security token management service;
  
  acquire at least one token from the corresponding token provider for the at least one token service; and
  
  deploy the at least one token service to the requesting service.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the requesting service comprises at least one application served from an application server comprising the system to a client in the set of clients.
  - 12. The system of claim 11, wherein the at least one application comprises at least one of a messaging application, an email application, a media application, a database application, a social networking application, or an e-commerce application.
  - 13. The system of claim 12, wherein the security token management service is hosted in the application server.
  - 14. The system of claim 10, wherein the at least one token comprises at least one of a Kerberos token, a security assertion markup language (SAML) assertion, a web services (WS) trust claim, an Open ID token, or a custom token.
  - 15. The system of claim 10, wherein the processing device is further to serve the requesting service to at least one client in the set of clients via a network.
  - 16. The system of claim 15, wherein the processing device is further to monitor the usage history of the at least one token service by the set of clients.
  - 17. The system of claim 16, wherein the processing device is further to at least one of update or terminate the at least one token service in view of the usage history.
  - 18. The system of claim 10, wherein the request for at least one token service comprises a request for a plurality of token services.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Saldhana, Anil
Primary Examiner(s)
Vu, Viet
Assistant Examiner(s)
Chambers, Michael A

Application Number

US13/248,629
Publication Number

US 20130086141A1
Time in Patent Office

1,769 Days
Field of Search

726/203, 726/9, 726/6, 713/172, 709/203
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/0815   providing single-sign-on or...

Security token management service hosting in application server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Security token management service hosting in application server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links