Virtual requests

US9450758B1 · US · B1

Patent metadata
Publication number: US-9450758-B1
Application number: US-201213418270-A
Country: US
Kind code: B1
Filing date: Mar 12, 2012
Priority date: Mar 12, 2012
Publication date: Sep 20, 2016
Grant date: Sep 20, 2016

Abstract

Official abstract text for this publication.

A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/or authentication service to translate the virtual request components over the first protocol to one or more second requests using the second protocol. Virtual request components may prove the authenticity of the virtual request received by the servicer to an authentication service. Once satisfied the virtual request is valid, the authentication service may issue a credential to the servicer to send the one or more second requests to an independent service. Virtual requests may be included in various protocols, including credential-based protocols and certificate exchange-based protocols.

First claim

Opening claim text (preview).

What is claimed is:

1. A system, comprising a servicer computer configured to: cause an authentication service computer to store a digital identity certificate of a client computer, the client computer configured to generate the digital identity certificate based at least in part on a private key associated with the client computer; cause the authentication service computer to determine a validity of the digital identity certificate based at least in part on a public key associated with the digital identity certificate; initiate a certificate exchange session utilizing a transport layer security (TLS) protocol with the client computer, the certificate exchange session comprising a handshake portion that includes a time-dependent request component, a service-dependent request component, and an action-dependent request component, the action-dependent request component comprising an association between a request of the certificate exchange session and an action the client computer is requested to perform; enable the client computer to transmit the digital identity certificate to the servicer computer; compute a servicer certificate exchange receipt based at least in part on the certificate exchange session; and cause the client computer to compute a client certificate exchange receipt based at least in part on the certificate exchange session.

2. The system of claim 1, wherein the servicer computer is further configured to: transmit the servicer certificate exchange receipt or the client certificate exchange receipt to the authentication service computer; and when at least one of the client certificate exchange receipt or the servicer certificate exchange receipt is validated, cause the authentication service computer to transmit an issued credential to the servicer computer, the issued credential used to communicate with an independent service on behalf of the client computer.

3. The system of claim 2, wherein the servicer computer is further configured to: cause the authentication service computer to validate a signature of the servicer certificate exchange receipt by retrieving a principal identity for the servicer computer using a public key associated with the servicer computer; and cause the authentication service computer to verify the public key associated with the servicer computer.

4. The system of claim 3, wherein the servicer computer is further configured to: cause the authentication service computer to verify the public key associated with the servicer computer by comparing the time-dependent request component with a current time.

5. The system of claim 3, wherein the servicer computer is further configured to: cause the authentication service computer to verify the public key associated with the servicer computer by matching the service-dependent request component with the digital identity certificate of the client computer.

6. The system of claim 1, wherein the authentication service computer is configured to store the digital identity certificate of the client computer in a certificate store.

7. A system, comprising a client computer configured to: generate a digital identity certificate based at least in part on a private key associated with the client computer; cause an authentication service computer to store the digital identity certificate of the client computer; cause the authentication service computer to determine a validity of the digital identity certificate based at least in part on a public key associated with the digital identity certificate; cause a servicer computer to initiate a certificate exchange session utilizing a transport layer security (TLS) protocol with the servicer computer, the certificate exchange session comprising a handshake portion that includes a time-dependent request component, a service-dependent request component, and an action-dependent request component, the action-dependent request component comprising an association between a request of the certificate exchange session and an action the client computer is requested to perform; transmit the digital identity certificate to the servicer computer; compute a client certificate exchange receipt based at least in part on the certificate exchange session; and cause the servicer computer to compute a servicer certificate exchange receipt based at least in part on the certificate exchange session.

8. The system of claim 7, wherein the client computer is further configured to: transmit to the servicer computer, from the client computer, the digital identity certificate in the handshake portion; and transmit to the servicer computer, from the client computer, a handshake verification associated with the handshake portion.

9. The system of claim 8, wherein the handshake verification is calculated using a secure cryptographic hash function using the private key associated with the client computer as a hash-based message authentication code (HMAC) key.

10. The system of claim 7, wherein the client computer is further configured to: receive a format agreement from the servicer computer at the client computer, the format agreement including instructions to convert a first request using a first protocol to a second request using a second protocol, wherein the first request is directed to an independent service on behalf of the client computer.

11. The system of claim 10, wherein the client computer is further configured to: sign the format agreement, wherein the format agreement includes at least one of the time-dependent request component, the service-dependent request component, or the action-dependent request component.

12. A system, comprising an authentication service computer configured to: receive a digital identity certificate of a client computer, the client computer configured to generate the digital identity certificate based at least in part on a private key associated with the client computer; store the digital identity certificate of a client computer; determine a validity of the digital identity certificate based at least in part on a public key associated with the digital identity certificate; cause a servicer computer to initiate a certificate exchange session utilizing a transport layer security (TLS) protocol with the client computer, the certificate exchange session comprising a handshake portion that includes a time-dependent request component, a service-dependent request component, and an action-dependent request component, the action-dependent request component comprising an association between a request of the certificate exchange session and an action the client computer is requested to perform; cause the servicer computer to enable the client computer to transmit the digital identity certificate to the servicer computer; cause the client computer to compute a client certificate exchange receipt based at least in part on the certificate exchange session; and cause the servicer computer to compute a servicer certificate exchange receipt based at least in part on the certificate exchange session.

13. The system of claim 12, wherein the authentication service computer is further configured to: store a mapping to a principal identity with the digital identity certificate of the client computer.

14. The system of claim 12, wherein the authentication service computer is further configured to: verify the public key associated with the servicer computer by comparing the time-dependent request component with a current time.

15. The system of claim 12, wherein the authentication service computer is further configured to: verify the public key associated with

Classifications

  • H04L9/321 (Primary)

    involving a third party or a trusted authority · CPC title

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title

  • involving time stamps, e.g. generation of time stamps · CPC title

  • using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title

  • at the transport layer · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9450758B1 cover?
A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/…
Who is the assignee on this patent?
Allen Nicholas Alexander, Roth Gregory B, Dykhno Elena, and 1 more
What technology area does this patent fall under?
Primary CPC classification H04L9/321. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 20, 2016 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).