System and method for pool-based identity authentication for service access without use of stored credentials

US 9,853,961 B2
Filed: 04/06/2016
Issued: 12/26/2017
Est. Priority Date: 05/13/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a service provider from a service consumer, a service request representing a request to access a service;

authenticating the service consumer based on a combination of provisioning information and independently verifiable data, the independently verifiable data not provided by the request to access the service, the provisioning information representing deployment configuration information;

determining the service consumer is authorized to access the service; and

providing, by the service provider, the service to the service consumer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented system and method for pool-based identity authentication for service access without use of stored credentials is disclosed. The method in an example embodiment includes providing provisioning information for storage in a provisioning repository; receiving a service request from a service consumer, the service request including requestor identifying information; generating an authentication request to send to an authentication authority, the authentication request including requestor identifying information; receiving validation of an authenticated service request from the authentication authority; and providing the requested service to the service consumer.

36 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a service provider from a service consumer, a service request representing a request to access a service;
  
  authenticating the service consumer based on a combination of provisioning information and independently verifiable data, the independently verifiable data not provided by the request to access the service, the provisioning information representing deployment configuration information;
  
  determining the service consumer is authorized to access the service; and
  
  providing, by the service provider, the service to the service consumer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the independently verifiable data includes an IP address of the service consumer.
  - 3. The method of claim 1, further comprising:
    - prior to authenticating the service consumer, determining configuration restrictions associated with the service request is not pre-configured for an immediate response to grant access to the service consumer for the service request without authentication.
  - 4. The method of claim 3, further comprising:
    - storing the provisioning information for the services in a service provisioning repository during deployment of the services in the multiple machines; and
      
      wherein authenticating the service consumer based on the combination of the provisioning information and the independently verifiable data further comprising enabling an authentication authority to access the provisioning information stored in the service provisioning repository during run time.
  - 5. The method of claim 1, wherein the service provider and the service consumer represent services deployed within a services oriented architecture (SOA).
  - 6. The method of claim 1, wherein authenticating the service consumer based on the combination of provisioning information and independently verifiable further comprising performing tests on the provisioning information and the independently verifiable data.
  - 7. The method of claim 4, wherein the authentication authority does not use stored credentials for authenticating the service consumer.
  - 8. The method of claim 2, wherein authenticating the service consumer based on the combination of provisioning information and independently verifiable data further comprising verifying the IP address from a TCP socket header.
  - 9. The method of claim 2, wherein authenticating the service consumer based on the combination of provisioning information and independently verifiable data further comprising verifying the IP address by extracting the x-Forwarded Hypertext Transfer Protocol (HTTP) value inserted by a virtual IP address forwarding processor.

10. A system comprising:
- a memory device for storing instructions; and
  
  a processor, which, when executing the instructions, causes the system to perform operations comprising;
  
  receiving, by a service provider from a service consumer, a service request representing a request to access a service;
  
  authenticating the service consumer based on a combination of provisioning information and independently verifiable data, the independently verifiable data is not provided by the request to access the service, the provisioning information representing deployment configuration information;
  
  determining the service consumer is authorized to access the service; and
  
  providing, by the service provider, the service to the service consumer.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the independently verifiable data includes an IP address of the service consumer.
  - 12. The system of claim 10, wherein the processor, which, when executing the instructions, causes the system to perform operations further comprising:
    - prior to authenticating, determining configuration restrictions associated with the service request is not pre-configured for an immediate response to grant access to the service consumer for the service request without authentication.
  - 13. The system of claim 12, further comprising:
    - wherein the processor, which, when executing the instructions, causes the system to perform operations further comprising storing the provisioning information in a service provisioning repository during deployment of the services in the multiple machines; and
      
      wherein the processor, which when executing the instructions authenticating the service consumer based on the combination of the provisioning information and the independently verifiable data further comprising enabling an authentication authority to access the provisioning information stored in the service provisioning repository during run time.
  - 14. The system of claim 10, wherein the service provider and the service consumer represent services deployed within a services oriented architecture (SOA).
  - 15. The system of claim 10, wherein the processor, which when executing the instructions authenticating the service consumer based on the combination of the provisioning information and the independently verifiable data further comprising performing tests on the provisioning information and the independently verifiable data.
  - 16. The system of claim 13, wherein the authentication authority does not use stored credentials for authenticating the service consumer.
  - 17. The system of claim 11, wherein the processor, which when executing the instructions authenticating the service consumer based on the combination of the provisioning information and the independently verifiable data further comprising verifying the IP address from a TCP socket header.
  - 18. The system of claim 11, wherein the processor, which when executing the instructions authenticating the service consumer based on the combination of the provisioning information and the independently verifiable data further comprising verifying the IP address by extracting the x-Forwarded Hypertext Transfer Protocol (HTTP) value inserted by a virtual IP address forwarding processor.

19. A computer readable non-transitory storage medium storing at least one program configured for execution by a computer, the at least one program comprising instructions to perform operations comprising:
- receiving, by a service provider from a service consumer, a service request representing a request to access a service;
  
  authenticating the service consumer based on a combination of provisioning information and independently verifiable data, the independently verifiable data is not provided by the request to access the service, the provisioning information representing deployment configuration information;
  
  determining the service consumer is authorized to access the service; and
  
  providing, by the service provider, the service to the service consumer.
- View Dependent Claims (20)
- - 20. The computer readable non-transitory storage medium of claim 19, wherein the independently verifiable data includes an IP address of the service consumer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eBay Inc.
Original Assignee
eBay Inc.
Inventors
Kolluru, Raju Venkata, Kleinpeter, Michael Dean
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US15/091,712
Publication Number

US 20160226851A1
Time in Patent Office

629 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 9/321   involving a third party or ...

System and method for pool-based identity authentication for service access without use of stored credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for pool-based identity authentication for service access without use of stored credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links