Method and system for interoperable identity and interoperable credentials
Abstract
The present teaching relates to identity management. In one example, a trusted connector is instantiated in the enterprise system behind a security. The trusted connector is configured to communicate with the private resource via a communication protocol. Upon being triggered by the external system, a secure communication channel is established between the external system and the trusted connector. A request is received from the external source at the trusted connector through the secure communication channel. The request is interpreted for communicating with the private resource. The interpreted request is sent to the private resource. A response is received from the private resource. The response from the private resource is interpreted for communicating with the external system. The interpreted response is sent to the external system through the secure communication channel.
Claims
exact text as granted — not AI-modifiedWe claim:
1 . A method, implemented on a computing device having at least one processor, storage, and a communication platform capable of connecting to a network for an external system to access a private resource in an enterprise system behind a security, comprising:
instantiating a trusted connector in the enterprise system behind the security, wherein the trusted connector is configured to communicate with the private resource via a communication protocol; establishing, upon being triggered by the external system, a secure communication channel between the external system and the trusted connector; receiving a request from the external source at the trusted connector through the secure communication channel; interpreting the request for communicating with the private resource; sending the interpreted request to the private resource; receiving a response from the private resource; interpreting the response from the private resource for communicating with the external system; and sending the interpreted response to the external system through the secure communication channel.
2 . The method of claim 1 , wherein the step of instantiating a trusted connector in the enterprise system includes initiating logging of communications directed to the trusted connector.
3 . The method of claim 2 , wherein the logging of communications includes logging communications between the trusted connector and the private source.
4 . The method of claim 2 , wherein the logging of communications includes logging communications between the trusted connector and the external system.
5 . The method of claim 1 , wherein the step of interpreting the response from the private source includes interpreting a session involving the private resource associated with the response and maintaining the session in subsequent communications associated with the session between the private resource and the external system.
6 . The method of claim 1 , wherein the communication protocol is one of TCP protocol, UDP protocol or RADIUS protocol.
7 . The method of claim 1 , wherein the external system includes a cloud system.
8 . The method of claim 7 , wherein the cloud system includes a system that provides cloud-based identity services.
9 . The method of claim 1 , wherein the private resource includes at least one private server for verifying the validity of a credential.
10 . The method of claim 9 , wherein the private includes a server for verifying the validity of a RSA SecureID credential.
11 . The method of claim 1 wherein the trusted connector includes a configuration operable to configure the connection between the trusted connector and the external system and/or to configure the connection between the trusted connector and the private resource.
12 . The method of claim 11 , wherein the configuration of the trusted connector is at least partially accessible to an administrator of the private enterprise system.
13 . The method of claim 11 , wherein the configuration of the trusted connector is at least partially accessible to the external system.
14 . The method of claim 1 , wherein the security includes a firewall.
15 . The method of claim 1 , wherein the private resource includes one or more private servers.
16 . The method of claim 15 , wherein at least some of the one or more private servers handles the same type of requests.
17 . The method of claim 15 , wherein the private resource includes a first private server and a second private server, wherein the first private server and the second private server handle different types of requests.
18 . The method of claim 2 , wherein logging of communications directed to the trusted connector includes security audit logging of security auditable events or activities.
19 . The method of claim 18 , wherein security audit logging of security auditable events or activities includes logging security audible events or activities that are required by government rules and regulations.
20 . A method implemented on a computing device having at least one processor, storage, and a communication platform capable of making a connection to a network for authenticating an online user, the method comprising the steps of:
receiving a first request for authenticating the online user with information related to a credential of the online user and a private resource for verifying the credential, wherein the private resource resides in an enterprise system behind a security; triggering a trusted connector, residing in the enterprise system behind the security, to establish a secure communication channel; sending a second request to the trusted connector via the secure communication channel requesting the private resource to verify the credential, wherein the second request is to be interpreted by the trusted connector before an interpreted request is sent from the trusted connector to the private resource; receiving a response from the trusted connector via the secure communication channel related to the verification of the credential, wherein the response is generated by the private resource and interpreted by the trusted connector; and authenticating the online user based on the response.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.