FEDERATED AUTHENTICATION OF CLIENT COMPUTERS IN NETWORKED DATA COMMUNICATIONS SERVICES CALLABLE BY APPLICATIONS

摘要

A data processing method comprises: using authentication logic of a server computer, establishing a secure socket connection with a client computer; receiving, from the client computer, a request to use a communications service that is implemented at the server computer, and in response to the request, determining that the client computer is unauthenticated; providing a nonce value to the client computer; receiving from the client computer an encrypted identity token that includes the nonce and a user identifier, wherein the identity token has been encrypted using a provider computer and an encryption key of the provider computer, wherein the encryption key is known at the server computer; validating the identity token and obtaining the user identifier therein; creating and storing a session token that is uniquely associated with the client computer and that includes a session identifier, the user identifier, and a binding to the secure socket connection.