US2016065579A1PendingUtilityA1

Method and system for interoperable identity and interoperable credentials

55
Assignee: DRFIRST COM INCPriority: Aug 28, 2014Filed: Jan 27, 2015Published: Mar 3, 2016
Est. expiryAug 28, 2034(~8.1 yrs left)· nominal 20-yr term from priority
H04L 67/32H04L 63/10H04L 67/60H04L 63/08G06F 21/31G06Q 10/00G06F 2221/2117G06F 21/46G06Q 50/265H04L 63/0884H04L 63/0421G06F 21/45
55
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

The present teaching relates to identity management. In one example, a trusted connector is instantiated in the enterprise system behind a security. The trusted connector is configured to communicate with the private resource via a communication protocol. Upon being triggered by the external system, a secure communication channel is established between the external system and the trusted connector. A request is received from the external source at the trusted connector through the secure communication channel. The request is interpreted for communicating with the private resource. The interpreted request is sent to the private resource. A response is received from the private resource. The response from the private resource is interpreted for communicating with the external system. The interpreted response is sent to the external system through the secure communication channel.

Claims

exact text as granted — not AI-modified
We claim: 
     
         1 . A method, implemented on a computing device having at least one processor, storage, and a communication platform capable of connecting to a network for an external system to access a private resource in an enterprise system behind a security, comprising:
 instantiating a trusted connector in the enterprise system behind the security, wherein the trusted connector is configured to communicate with the private resource via a communication protocol;   establishing, upon being triggered by the external system, a secure communication channel between the external system and the trusted connector;   receiving a request from the external source at the trusted connector through the secure communication channel;   interpreting the request for communicating with the private resource;   sending the interpreted request to the private resource;   receiving a response from the private resource;   interpreting the response from the private resource for communicating with the external system; and   sending the interpreted response to the external system through the secure communication channel.   
     
     
         2 . The method of  claim 1 , wherein the step of instantiating a trusted connector in the enterprise system includes initiating logging of communications directed to the trusted connector. 
     
     
         3 . The method of  claim 2 , wherein the logging of communications includes logging communications between the trusted connector and the private source. 
     
     
         4 . The method of  claim 2 , wherein the logging of communications includes logging communications between the trusted connector and the external system. 
     
     
         5 . The method of  claim 1 , wherein the step of interpreting the response from the private source includes interpreting a session involving the private resource associated with the response and maintaining the session in subsequent communications associated with the session between the private resource and the external system. 
     
     
         6 . The method of  claim 1 , wherein the communication protocol is one of TCP protocol, UDP protocol or RADIUS protocol. 
     
     
         7 . The method of  claim 1 , wherein the external system includes a cloud system. 
     
     
         8 . The method of  claim 7 , wherein the cloud system includes a system that provides cloud-based identity services. 
     
     
         9 . The method of  claim 1 , wherein the private resource includes at least one private server for verifying the validity of a credential. 
     
     
         10 . The method of  claim 9 , wherein the private includes a server for verifying the validity of a RSA SecureID credential. 
     
     
         11 . The method of  claim 1  wherein the trusted connector includes a configuration operable to configure the connection between the trusted connector and the external system and/or to configure the connection between the trusted connector and the private resource. 
     
     
         12 . The method of  claim 11 , wherein the configuration of the trusted connector is at least partially accessible to an administrator of the private enterprise system. 
     
     
         13 . The method of  claim 11 , wherein the configuration of the trusted connector is at least partially accessible to the external system. 
     
     
         14 . The method of  claim 1 , wherein the security includes a firewall. 
     
     
         15 . The method of  claim 1 , wherein the private resource includes one or more private servers. 
     
     
         16 . The method of  claim 15 , wherein at least some of the one or more private servers handles the same type of requests. 
     
     
         17 . The method of  claim 15 , wherein the private resource includes a first private server and a second private server, wherein the first private server and the second private server handle different types of requests. 
     
     
         18 . The method of  claim 2 , wherein logging of communications directed to the trusted connector includes security audit logging of security auditable events or activities. 
     
     
         19 . The method of  claim 18 , wherein security audit logging of security auditable events or activities includes logging security audible events or activities that are required by government rules and regulations. 
     
     
         20 . A method implemented on a computing device having at least one processor, storage, and a communication platform capable of making a connection to a network for authenticating an online user, the method comprising the steps of:
 receiving a first request for authenticating the online user with information related to a credential of the online user and a private resource for verifying the credential, wherein the private resource resides in an enterprise system behind a security;   triggering a trusted connector, residing in the enterprise system behind the security, to establish a secure communication channel;   sending a second request to the trusted connector via the secure communication channel requesting the private resource to verify the credential, wherein the second request is to be interpreted by the trusted connector before an interpreted request is sent from the trusted connector to the private resource;   receiving a response from the trusted connector via the secure communication channel related to the verification of the credential, wherein the response is generated by the private resource and interpreted by the trusted connector; and   authenticating the online user based on the response.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.