Token exchange with client generated token

US2020112436A1 · US · A1

Patent metadata
Publication number: US-2020112436-A1
Application number: US-201816155878-A
Country: US
Kind code: A1
Filing date: Oct 9, 2018
Priority date: Oct 9, 2018
Publication date: Apr 9, 2020
Grant date: (none listed)

Abstract

Official abstract text for this publication.

A client can be authenticated with an identity provider. The identity provider can generate an identity provider token after successful authentication. Prior to issuing a request to a service provider, the client can request a temporary (one time use) token from the identity provider. The request may include a client token to verify the client's identity. The identity provider can validate the client token using details saved in the identity provider token and issue the temporary token to the client. The client can provide the temporary token to a service provider in a request for service. The service provider can validate the temporary token with the identity provider. If the temporary token is valid (i.e., has not already been used), the service provider can respond to the request. The use of a temporary token and not sharing the identity provider token with the client can prevent security breaches.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for providing identity services, the method comprising: receiving credentials for a first client; issuing a code to the first client in response to verifying the credentials; receiving a request for a temporary token from the first client, the request including the code and a client token; generating the temporary token in response to validating the client token and the code; and providing the temporary token to the first client.

2. The method of claim 1, wherein the temporary token comprises a one-time use token.

3. The method of claim 1, further comprising: receiving, from a service provider, a request to validate the temporary token; in response to verifying that the temporary token is valid, providing a response to the service provider indicating the temporary token is valid; and invalidating the temporary token.

4. The method of claim 1, further comprising: generating an identity provider token in response to verifying the credentials, the identity provider token comprising information about the first client, wherein the identity provider token is not shared with the first client; wherein validating the client token and the code comprises comparing information in the identity provider token with information in the client token.

5. The method of claim 4, wherein validating the client token and the code comprises verifying a signature associated with the request using a public key of the first client.

6. The method of claim 4, wherein validating the client token and the code comprises decrypting the client token using a private key.

7. The method of claim 1, further comprising: receiving, from a second client, a request for a second temporary token, the request including the code and the client token; and in response to verifying that the code and the client token are valid, providing the second temporary token to the second client.

8. The method of claim 7, further comprising receiving, by the second client, the client token and the code from the first client.

9. The method of claim 1, further comprising configuring the temporary token to have an expiration time of less than five minutes.

10. The method of claim 1, further comprising providing, by the first client, the temporary token in a request to a service provider.

11. The method of claim 1, wherein generating the temporary token comprises storing data associated with the first client in the temporary token.

12. An apparatus comprising: a processor; and a machine-readable medium comprising instructions executable by the processor to cause the apparatus to, receive credentials for a client; in response to verification of the credentials, issue a code to the client; receive the code and a client token from the client; generate a temporary token in response to a validating the client token and the code; provide the temporary token to the client; receive, from a service provider, a request to validate the temporary token; and in response to verification that the temporary token is valid, provide a response to the service provider to indicate that the temporary token is valid and invalidate the temporary token.

13. The apparatus of claim 12, wherein the code and the client token are encrypted with one of a public or private key of a public/private key pair.

14. The apparatus of claim 12, wherein the instructions executable by the processor further cause the apparatus to verify a signature associated with the request using a public key of the client.

15. The apparatus of claim 12, wherein the instructions executable by the processor further cause the apparatus to: decrypt the client token using a private key; and verify that the code is associated with the client using information from the client token.

16. The apparatus of claim 12, wherein the temporary token is configured with an expiration time of less than five minutes.

17. One or more non-transitory machine-readable media comprising machine executable instructions for managing application risks, the machine executable instructions to cause a processor to perform operations comprising: in response to verification of credentials received from a client, issue a code to the client; receive the code and a client token from the client; generate a temporary token in response to validating the code and the temporary token; provide the temporary token to the client; receive a request to validate the temporary token; and in response to verification that the temporary token is valid, provide a response to the request indicating that the temporary token is valid, and invalidate the temporary token.

18. The one or more non-transitory machine-readable media of claim 17, wherein the temporary token comprises a one-time use token.

19. The one or more non-transitory machine-readable media of claim 17, wherein the code and the client token are encrypted with one of a public or private key of a public/private key pair.

20. The one or more non-transitory machine-readable media of claim 19, wherein the machine executable instructions to validate the code and the client token comprise instructions to: verify a signature associated with the request using a public key of the client; and decrypt the client token using a private key.
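The exchange described in the abstract and in claims 1 to 12 above, modelled as an added example that is not part of the patent or any product of the assignee: an identity provider issues a code, the client binds that code to a client-generated key to form its client token, the identity provider validates it against the identity provider token it keeps server-side, and the resulting temporary token validates exactly once before being invalidated. HMAC over a client-held key stands in for the public-key signature of claims 5 and 14, the in-memory stores and the sample credentials are constructed, and validation failures are signalled by returning None; all of these are assumptions of the example.

```python
import hashlib, hmac, secrets, time

TEMP_TOKEN_TTL = 300  # seconds; claims 9 and 16 require an expiry of under five minutes

def make_client_token(client_key: bytes, client_id: str, code: str) -> str:
    # Client side: bind the issued code to this client with a key only the client holds. HMAC stands
    # in for the public-key signature the identity provider verifies in claims 5 and 14 (assumption).
    return hmac.new(client_key, f"{client_id}:{code}".encode(), hashlib.sha256).hexdigest()

class IdentityProvider:
    def __init__(self, users: dict):
        self._users = users    # client_id -> password (constructed sample data)
        self._idp_tokens = {}  # code -> identity provider token kept server-side, never sent to the client (claim 4)
        self._temp_tokens = {} # temp token -> {client, expires}; entry removed on first validation

    def authenticate(self, client_id: str, password: str, client_key: bytes):
        # Claim 1: verify credentials and issue a code; the client's key is registered here (assumption).
        if not hmac.compare_digest(self._users.get(client_id, ""), password):
            return None
        code = secrets.token_urlsafe(16)
        self._idp_tokens[code] = {"client": client_id, "client_key": client_key}
        return code

    def issue_temp_token(self, code: str, client_token: str):
        # Claims 1 and 4: recompute the expected client token from the stored identity provider token.
        idp_token = self._idp_tokens.get(code)
        if idp_token is None:
            return None
        expected = make_client_token(idp_token["client_key"], idp_token["client"], code)
        if not hmac.compare_digest(expected, client_token):
            return None
        temp = secrets.token_urlsafe(32)
        self._temp_tokens[temp] = {"client": idp_token["client"], "expires": time.time() + TEMP_TOKEN_TTL}  # claim 11
        return temp

    def validate_temp_token(self, temp: str):
        # Claims 3 and 12: the service provider asks the identity provider; pop() invalidates on first use.
        entry = self._temp_tokens.pop(temp, None)
        return entry["client"] if entry and time.time() <= entry["expires"] else None

def run_exchange():
    # Whole flow: (first validation, replay of the used token, claim 7 second-client validation).
    idp = IdentityProvider({"alice": "correct-horse"})  # constructed credentials
    key = secrets.token_bytes(32)                        # client-generated key (assumption)
    code = idp.authenticate("alice", "correct-horse", key)
    client_token = make_client_token(key, "alice", code)
    temp = idp.issue_temp_token(code, client_token)
    first, replay = idp.validate_temp_token(temp), idp.validate_temp_token(temp)
    temp2 = idp.issue_temp_token(code, client_token)  # a second client holding the same code + client token
    return first, replay, idp.validate_temp_token(temp2)
```

The replayed token is refused because the identity provider removed it on the first validation, which is the one-time-use property the abstract relies on.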

Assignees

Ca Inc
Inventors

Classifications

  • One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key · CPC title

  • H04L9/3213 (Primary): using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807) · CPC title

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title

  • involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing · CPC title

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2020112436A1 cover?
A client can be authenticated with an identity provider. The identity provider can generate an identity provider token after successful authentication. Prior to issuing a request to a service provider, the client can request a temporary (one time use) token from the identity provider. The request may include a client token to verify the client's identity. The identity provider can validate the …
Who is the assignee on this patent?
Ca Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/3213. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 9, 2020 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).