US 12,294,573 B2
Securely preserving prior security tokens for recall
Chunlong Liang, Travis, TX (US); Jose Angel Rodriguez, Austin, TX (US); James T. Mulvey, Red Hook, NY (US); Jose I. Ortiz, Raleigh, NC (US); and Xiaoyan Yanni Zhang, Austin, TX (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Dec. 10, 2021, as Appl. No. 17/547,559.
Prior Publication US 2023/0188515 A1, Jun. 15, 2023
Int. Cl. H04L 9/40 (2022.01); G06F 9/54 (2006.01); H04L 9/32 (2006.01); H04L 67/02 (2022.01)
CPC H04L 63/083 (2013.01) [G06F 9/547 (2013.01); H04L 9/3213 (2013.01); H04L 9/3226 (2013.01); H04L 67/02 (2013.01)] 20 Claims
1. A computer-implemented method for optimizing security token exchange associated with a plurality of domains, the computer-implemented method comprising:
    receiving, by one or more processors, at a second service in a second domain, a first request from a client in a first domain;
    extracting, by the one or more processors, a second security token, associated with a security service in the second domain, and a reference to a first application programming interface (API) from one or more APIs associated with the first request;
    validating, by the one or more processors, the second security token at the second security service, wherein the second security token contains a second bearer header;
    responsive to the second security token being valid, executing actions comprising:
        retrieving, by the one or more processors, a first security token, associated with the first domain, based on a call to the first API, wherein the first security token contains a first bearer header;
        embedding, by the one or more processors, the second security token in a second API; and
        sending, by the one or more processors, a second request comprising a third security token and the reference to the second API from one or more APIs to a third service in a third domain;
    responsive to the second security token not being valid, sending, by the one or more processors, a reply to the client in the first domain denying the first request;
    validating the third security token from a third request, wherein the third security token is retrievable with a third API from one or more APIs, wherein the third security token contains a third bearer header; and
    storing an exchange history associated with, at least, the first security token, the second security token and previous security tokens, wherein a token reference comprises a resource identification based on the exchange history or URL (uniform resource locator) associated with the exchange history.
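The following Python is an added, constructed illustration of the exchange that claim 1 describes; it is not the patent's own code or an IBM implementation. It assumes, as labelled in the comments, that each domain's security service signs compact bearer tokens with HMAC-SHA256 under its own key, that the "first API" is a local lookup that mints a first-domain token, that the third service is an in-process function, and that the exchange history lives in an in-memory store that hands back a resource id and URL as the token reference and only releases a record to a caller presenting a valid token for the domain it asks under.

```python
import base64
import hashlib
import hmac
import json
import uuid
from typing import Optional

# Constructed per-domain signing keys (assumption: one HMAC-SHA256 key per domain's security service).
DOMAIN_KEYS = {
    "domain-1": b"constructed-key-for-domain-1",
    "domain-2": b"constructed-key-for-domain-2",
    "domain-3": b"constructed-key-for-domain-3",
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(domain: str, subject: str, now: float, ttl: int = 300) -> str:
    """Mint a compact bearer token 'base64(payload).base64(hmac)' signed with the domain's key."""
    payload = json.dumps({"dom": domain, "sub": subject, "exp": now + ttl}, sort_keys=True).encode()
    sig = hmac.new(DOMAIN_KEYS[domain], payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def validate_token(domain: str, token: str, now: float) -> Optional[dict]:
    """Return the claims if the token was signed by `domain` and is unexpired; otherwise None."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _unb64(payload_b64)
        expected = hmac.new(DOMAIN_KEYS[domain], payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig_b64)):
            return None
        claims = json.loads(payload)
    except (ValueError, KeyError):
        return None
    if claims.get("dom") != domain or claims.get("exp", 0) <= now:
        return None
    return claims


# Hypothetical registry standing in for the "first API": each entry returns a first-domain token.
FIRST_APIS = {"api1": lambda subject, now: issue_token("domain-1", subject, now)}


class ExchangeHistory:
    """In-memory exchange history; the token reference is a resource id plus a URL built from it."""

    def __init__(self, base_url: str):
        self.base_url = base_url
        self._records: dict = {}

    def store(self, chain: dict) -> dict:
        resource_id = uuid.uuid4().hex
        self._records[resource_id] = dict(chain)
        return {"resource_id": resource_id, "url": f"{self.base_url}/exchanges/{resource_id}"}

    def recall(self, resource_id: str, presenting_token: str, domain: str, now: float) -> Optional[dict]:
        # Recall is gated: the caller must present a valid token for the domain it asks under.
        if validate_token(domain, presenting_token, now) is None:
            return None
        return self._records.get(resource_id)


def third_service(request: dict, now: float) -> dict:
    """Service in domain-3: validates the third security token carried in the bearer header."""
    auth = request.get("authorization", "")
    if not auth.startswith("Bearer ") or validate_token("domain-3", auth[7:], now) is None:
        return {"status": 403, "reason": "third security token invalid"}
    return {"status": 200}


def second_service(request: dict, history: ExchangeHistory, now: float) -> dict:
    """Service in domain-2: validate the second token, fetch the first token via the referenced API,
    forward to domain-3 under a third token, and record the exchange with a token reference."""
    auth = request.get("authorization", "")
    if not auth.startswith("Bearer "):
        return {"status": 401, "reason": "missing bearer header"}
    second_token = auth[7:]
    if validate_token("domain-2", second_token, now) is None:
        return {"status": 403, "reason": "second security token invalid"}  # deny the first request
    first_api = FIRST_APIS.get(request.get("api", ""))
    if first_api is None:
        return {"status": 400, "reason": "unknown first API reference"}
    first_token = first_api(request["client"], now)
    # Embed the second token in the second API and send the onward request with a third-domain token.
    second_api = {"name": "api2", "embedded_token": second_token}
    third_token = issue_token("domain-3", "second-service", now)
    reply = third_service({"authorization": f"Bearer {third_token}", "api": second_api}, now)
    if reply["status"] != 200:
        return reply
    chain = {"first": first_token, "second": second_token, "third": third_token,
             "previous": list(request.get("previous_tokens", []))}
    return {"status": 200, "token_reference": history.store(chain)}
```

The denial branch fires before any downstream token is minted, so an invalid second token never causes a first-domain or third-domain token to be issued, and the stored chain can later be recalled only by its resource id together with a token the history store can validate.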