CPC H04L 63/0823 (2013.01) [H04L 63/0435 (2013.01); H04L 63/0876 (2013.01); H04L 63/20 (2013.01)]; 20 Claims

1. A system comprising:
a first system including a plurality of first computing devices located at a first site, the first system in communication with a shared identity provider system that maintains user credential information for at least users of the first system and a second system, the second system including a plurality of second computing devices located at a second site that is different from the first site, at least one first computing device of the plurality of first computing devices in the first system including one or more processors configured by executable instructions to perform operations comprising:
receiving, by the at least one first computing device, a certificate of the second system including the plurality of second computing devices located at the second site that is different from the first site, the certificate of the second system including a public cryptographic key of the second system and an identity of the second system;
in response to receiving the certificate of the second system, sending, by the at least one first computing device, to the second system, the certificate of the second system;
in response to sending the certificate of the second system to the second system, receiving, from the second system, a response signed with the certificate of the second system indicating that the first system can trust communications from the second system;
obtaining, by the at least one first computing device, from the shared identity provider system, a credential of a user of the second system;
in response to receiving the response signed with the certificate of the second system indicating that the first system can trust the second system, sending, by the at least one first computing device, the credential of the user of the second system to the second system, the second system redirecting the credential to the shared identity provider system for authentication, wherein the authentication indicates that the second system can trust communications from the first system;
sending, by the at least one first computing device, to the second system, a certificate of the first system, the certificate of the first system including a public cryptographic key of the first system and an identity of the first system,
wherein, based at least on the at least one first computing device receiving the response signed with the certificate of the second system, and further based on authentication of the credential of the user of the second system, trusted communications are established between the first system and the second system.
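The exchange recited in claim 1, as an added Python simulation that is not part of the patent text: two sites, each holding a certificate (identity plus public key), and a shared identity provider that issues and authenticates user credentials. The first site echoes the second site's certificate, verifies the signed trust response against the public key in that certificate, fetches a credential of a second-site user from the shared provider and hands it to the second site, which redirects it to the provider; only when both checks pass does either side record the other as trusted. The names (`Site`, `IdentityProvider`, `establish_trust`), the one-time-use credential semantics and the textbook-RSA signing on fixed Mersenne primes are all assumptions made for the example, not anything the claim specifies.

```python
import hashlib
from dataclasses import dataclass

# Toy textbook RSA (no padding) on fixed Mersenne primes, constructed for
# illustration only; a real deployment would use a vetted signature library.
E = 65537
PRIMES_SITE_A = (2**31 - 1, 2**61 - 1)
PRIMES_SITE_B = (2**89 - 1, 2**107 - 1)


def make_toy_keypair(p, q):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public, private)


def _digest_int(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(_digest_int(msg, n), d, n)


def verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest_int(msg, n)


@dataclass(frozen=True)
class Certificate:
    identity: str        # identity of the system
    public_key: tuple    # (n, e) of the system


class IdentityProvider:
    """Shared IdP holding credential state for users of both sites (hypothetical)."""

    def __init__(self):
        self._issued = {}  # token -> (username, home site)

    def issue_credential(self, username: str, home_site: str) -> dict:
        seed = f"{username}:{home_site}:{len(self._issued)}".encode()
        token = hashlib.sha256(seed).hexdigest()
        self._issued[token] = (username, home_site)
        return {"user": username, "home": home_site, "token": token}

    def authenticate(self, credential: dict) -> bool:
        # One-time use (assumption): a credential already redirected here is
        # rejected, so a captured copy cannot be replayed to bootstrap trust.
        record = self._issued.pop(credential.get("token"), None)
        return record == (credential.get("user"), credential.get("home"))


class Site:
    def __init__(self, name: str, primes):
        pub, self._priv = make_toy_keypair(*primes)
        self.cert = Certificate(name, pub)
        self.trusted = set()  # identities this site trusts

    def trust_response(self, echoed_cert: Certificate):
        """Second-system side: sign a trust response only for our own certificate."""
        if echoed_cert != self.cert:
            raise ValueError("echoed certificate is not ours")
        msg = f"trust-ok:{self.cert.identity}".encode()
        return msg, sign(self._priv, msg)

    def accept_credential(self, credential: dict, idp: IdentityProvider) -> bool:
        """Second-system side: redirect the received credential to the shared IdP."""
        return idp.authenticate(credential)


def establish_trust(first: Site, second: Site, idp: IdentityProvider, username: str) -> bool:
    # (1) first receives second's certificate and sends it back to second
    peer_cert = second.cert
    msg, sig = second.trust_response(peer_cert)
    # (2) first verifies the signed response with the public key in that certificate
    expected = f"trust-ok:{peer_cert.identity}".encode()
    if msg != expected or not verify(peer_cert.public_key, msg, sig):
        return False
    # (3) first obtains a credential of a second-site user from the shared IdP
    credential = idp.issue_credential(username, peer_cert.identity)
    # (4) first sends it to second, which redirects it to the IdP for authentication
    if not second.accept_credential(credential, idp):
        return False
    # (5) first sends its own certificate; both directions are now trusted
    second.trusted.add(first.cert.identity)
    first.trusted.add(peer_cert.identity)
    return True


if __name__ == "__main__":
    idp = IdentityProvider()
    site_a, site_b = Site("site-a", PRIMES_SITE_A), Site("site-b", PRIMES_SITE_B)
    print("trust established:", establish_trust(site_a, site_b, idp, "bob"))
```

The two checks are deliberately independent: a forged trust response (signed with a key other than the one in the presented certificate) fails step (2) before any credential is issued, and a credential that the provider has already seen fails step (4) even if the certificate check passed.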