Actively federated mobile authentication
First Claim
1. A computer-implemented method comprising:
providing, by a computing device, a user credential to an identity provider that has an established trust relationship with an enterprise service;
receiving, by the computing device from the identity provider, a first token configured to provide authentication for a service request received at the enterprise service;
providing, by the computing device, the first token to a trust broker that has an established trust relationship with the identity provider;
receiving, by the computing device from the trust broker in response to the first token, a second token configured to provide authentication for a service relay to send the service request and the first token to the enterprise service, wherein the second token is configured to provide authentication to the service relay using an additional form of authentication that is different than the first token;
sending, by the computing device to the service relay, the service request with both the first token and the second token; and
receiving, by the computing device from the service relay, a service response indicative of authentication of the computing device by the enterprise service using the first token.
2 Assignments
0 Petitions
Accused Products
Abstract
To make a trusted web service call, a client application sends a series of messages to obtain tokens that allow service requests to pass through a service relay. The user obtains a first security token by providing the user's credentials. A second token is obtained from a trust broker that validates the first token. Both tokens are then sent with a service request to a service relay. The service relay validates the second token and then passes the first token and the service request to a connector service. The connector service validates the first token and passes the service request to a target back end service. The connector service acts as the user when communicating with the back end service. Service responses are routed back to the user through the connector service and the service relay.
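The exchange the abstract and independent claims describe, simulated end to end with every party in one process. This is an added example and not code from the patent or its assignee: the patent fixes no token format, so HMAC-SHA256 tokens with issuer, audience and expiry claims are assumed, as is binding the second token to a device identifier and to a hash of the first token (the "additional form of authentication" of claim 1). The names of the parties, the shared keys, the credential store and the requests are all constructed for the example. The security point it makes is which party holds which key: the relay can validate only the broker's token and forwards the first token opaquely, while the connector inside the enterprise is the only party outside the identity provider that can validate user identity.

```python
import base64, hashlib, hmac, json, time

# Shared secrets standing in for the trust relationships in the abstract.
# Assumption: HMAC-SHA256 tokens; the patent does not specify a token format.
K_IDP = b"idp-secret"        # identity provider, trust broker and connector
K_BROKER = b"broker-secret"  # trust broker and service relay only

def _b64(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint(key: bytes, claims: dict) -> str:
    body = json.dumps(claims, sort_keys=True).encode()
    return _b64(body) + "." + _b64(hmac.new(key, body, hashlib.sha256).digest())

def verify(who: str, key: bytes, token: str, issuer: str, audience: str) -> dict:
    """Claims of `token` if MAC, issuer, audience and expiry check out at party `who`."""
    body_b64, _, tag_b64 = token.partition(".")
    body = _unb64(body_b64)
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(tag_b64)):
        raise PermissionError(f"{who}: bad signature")
    claims = json.loads(body)
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise PermissionError(f"{who}: wrong issuer or audience")
    if claims.get("exp", 0) < time.time():
        raise PermissionError(f"{who}: expired")
    return claims

USERS = {"alice": "correct horse battery"}   # constructed credential store

def identity_provider(username: str, password: str) -> str:
    """Step 1: user credential in, first token (user identity for the enterprise) out."""
    if USERS.get(username) != password:
        raise PermissionError("idp: bad credential")
    return mint(K_IDP, {"iss": "idp", "aud": "enterprise", "sub": username,
                        "exp": time.time() + 300})

def trust_broker(first_token: str, device_id: str) -> str:
    """Step 2: validate the first token (the broker trusts the IdP), issue the second."""
    verify("broker", K_IDP, first_token, issuer="idp", audience="enterprise")
    # The second token is a different kind of credential: addressed to the relay
    # and bound to the device and to a hash of the first token (both assumptions).
    return mint(K_BROKER, {"iss": "broker", "aud": "relay", "dev": device_id,
                           "t1": hashlib.sha256(first_token.encode()).hexdigest(),
                           "exp": time.time() + 300})

def back_end_service(request: dict, acting_user: str) -> dict:
    return {"user": acting_user, "result": request["op"].upper()}

def connector(request: dict, first_token: str) -> dict:
    """Inside the enterprise: validate the first token, then act as that user."""
    claims = verify("connector", K_IDP, first_token, issuer="idp", audience="enterprise")
    return back_end_service(request, acting_user=claims["sub"])

def service_relay(request: dict, first_token: str, second_token: str, device_id: str) -> dict:
    """Step 3: the relay validates only the second token; it holds no key for the first."""
    claims = verify("relay", K_BROKER, second_token, issuer="broker", audience="relay")
    if claims["dev"] != device_id or \
       claims["t1"] != hashlib.sha256(first_token.encode()).hexdigest():
        raise PermissionError("relay: second token not bound to this device and first token")
    return connector(request, first_token)       # first token forwarded untouched

def client_call(username: str, password: str, device_id: str, request: dict) -> dict:
    t1 = identity_provider(username, password)
    t2 = trust_broker(t1, device_id)
    return service_relay(request, t1, t2, device_id)

def who_denies(fn) -> str:
    """Run fn(); return 'ok' or the name of the party that refused."""
    try:
        fn()
        return "ok"
    except PermissionError as e:
        return str(e).split(":")[0]

def demo() -> dict:
    """Happy path plus the failure modes, keyed by scenario; constructed inputs."""
    req = {"op": "ping"}
    t1 = identity_provider("alice", "correct horse battery")
    forged_t1 = mint(b"not-the-idp-key", {"iss": "idp", "aud": "enterprise",
                                          "sub": "admin", "exp": 9e9})
    return {
        "happy": client_call("alice", "correct horse battery", "dev-42", req),
        "bad_password": who_denies(lambda: identity_provider("alice", "wrong")),
        # A valid first token alone does not pass the relay.
        "no_second_token": who_denies(lambda: service_relay(req, t1, mint(b"guess", {}), "dev-42")),
        # A second token issued for one device is refused when presented from another.
        "other_device": who_denies(lambda: service_relay(req, t1, trust_broker(t1, "dev-42"), "dev-99")),
        # A forged first token never earns a second token: the broker refuses it.
        "forged_first_token": who_denies(lambda: trust_broker(forged_t1, "dev-42")),
    }

if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:20} {outcome}")
```

Run it as a script to see each scenario and the party that stops it. The relay's position in this design is what makes the split useful: it is an internet-facing component that can be compromised or run by a third party, yet it never holds the key that vouches for user identity, so a compromised relay can replay nothing it could not already forward.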
27 Citations
17 Claims
Independent claims (claim 1 is reproduced in full under First Claim above):
1. Dependent claims 2, 3, 4 and 5 depend on claim 1.
6. A computer-implemented method for processing a service request at a service relay configured to communicate with an enterprise network, the computer-implemented method comprising:
receiving, by the service relay from a computing device, a service request with a first token and a second token, the service request being directed to the enterprise network, and the first token being indicative of user identity information corresponding to a user associated with the computing device;
validating, by the service relay, the second token that authenticates the computing device to the service relay using an additional form of authentication that is different than the first token;
based on validating the second token, sending, by the service relay to the enterprise network, the service request and first token;
receiving, by the service relay from the enterprise network, a response to the service request; and
sending, to the computing device, the response indicative of authentication of the computing device by the enterprise service using the first token.
Dependent claims 7, 8, 9, 10 and 11 depend on claim 6.
12. A computing system comprising:
a processor; and
memory storing instructions executable by the processor, wherein the instructions, when executed, configure the computing system to:
provide a user credential to an identity provider that has an established trust relationship with an enterprise service;
receive a first token configured to provide authentication for a service request received by the enterprise service;
provide the first token to a trust broker that has an established trust relationship with the identity provider;
receive, from the trust broker in response to the first token, a second token configured to provide authentication for a service relay to send the service request and the first token to the enterprise service, the second token using an additional form of authentication that is different than the first token;
send the service request to the service relay with both the first token and the second token; and
receive, from the service relay, a service response indicative of authentication of the computing device by the enterprise service using the first token.
Dependent claims 13, 14, 15, 16 and 17 depend on claim 12.
Specification