US 11,956,371 B2
Recursive token binding for cascaded service calls
Michael Engan, Bellevue, WA (US); Douglas McDorman, Sammamish, WA (US); James Latham, Redmond, WA (US); and Vikash Kodati, Issaquah, WA (US)
Assigned to T-Mobile USA, Inc., Bellevue, WA (US)
Filed by T-Mobile USA, Inc., Bellevue, WA (US)
Filed on Jun. 30, 2021, as Appl. No. 17/364,705.
Application 17/364,705 is a continuation of application No. 16/366,340, filed on Mar. 27, 2019, granted, now 11,095,455.
Claims priority of provisional application 62/653,539, filed on Apr. 5, 2018.
Prior Publication US 2021/0328811 A1, Oct. 21, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/06 (2006.01); H04L 9/08 (2006.01); H04L 9/30 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01)
CPC H04L 9/3247 (2013.01) [H04L 9/0643 (2013.01); H04L 9/0825 (2013.01); H04L 9/3073 (2013.01); H04L 9/3213 (2013.01); H04L 63/168 (2013.01)]
18 Claims
1. A computer-implemented method, comprising:
under control of one or more processors:
receiving, at a second service provider (2-SP) server, a service request to access a secure service provided by a first service provider (1-SP) server;
determining that an additional secure service is required from a third-party service provider (3-SP) server to fulfill the service request;
calculating a cryptographic hash of a 2-SP payload indicating the additional secure service;
generating a 2-SP public-private key pair that is associated with the 2-SP server;
generating a 2-SP digital signature based at least in part on the cryptographic hash and a private key of the 2-SP public-private key pair;
generating a 2-SP recursive authentication token (i) that is associated with the 2-SP server for delivery to the 3-SP server and (ii) that includes the 2-SP digital signature and the 2-SP payload; and
transmitting the 2-SP recursive authentication token to the 3-SP server.
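
The steps of claim 1, together with the check a receiving 3-SP server would run, as an added example that is not taken from the patent. Ed25519, SHA-256, the JSON token layout, carrying the public key inside the token, and the sample payload are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// RecursiveToken is a constructed layout: the claim only requires payload and signature.
type RecursiveToken struct {
	Payload   []byte `json:"payload"`
	Signature []byte `json:"signature"`
	PublicKey []byte `json:"public_key"` // assumption: key travels with the token
}

// Issue is the 2-SP side: hash the payload, generate a key pair, sign the hash.
func Issue(payload []byte) (RecursiveToken, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return RecursiveToken{}, err
	}
	digest := sha256.Sum256(payload)
	sig := ed25519.Sign(priv, digest[:])
	return RecursiveToken{Payload: payload, Signature: sig, PublicKey: pub}, nil
}

// Verify is the 3-SP side. It proves the payload matches the signature for the
// carried key; trusting that key as the 2-SP's needs a separate binding.
func Verify(raw []byte) ([]byte, error) {
	var t RecursiveToken
	if err := json.Unmarshal(raw, &t); err != nil {
		return nil, err
	}
	if len(t.PublicKey) != ed25519.PublicKeySize { // ed25519.Verify panics otherwise
		return nil, errors.New("bad public key length")
	}
	digest := sha256.Sum256(t.Payload)
	if !ed25519.Verify(t.PublicKey, digest[:], t.Signature) {
		return nil, errors.New("signature does not match payload")
	}
	return t.Payload, nil
}

func main() {
	tok, _ := Issue([]byte(`{"service":"location-lookup"}`)) // constructed payload
	raw, _ := json.Marshal(tok)
	_, err := Verify(raw)
	fmt.Println("verified:", err == nil)
}
```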