CPC H04L 63/102 (2013.01) [H04L 63/083 (2013.01); H04L 63/0884 (2013.01)] | 18 Claims
1. A method, comprising:
receiving, by a server via a gateway from a customer device, a first request to access a resource, the first request including an identifier of the customer device and a first token used by the gateway to authenticate the customer device;
validating, by the server, the first token based on identifying the gateway as corresponding to one of a plurality of gateways trusted with authentication on behalf of the server, the gateway configured to generate the first token responsive to authentication of the customer device;
creating, by the server responsive to validating the first token, a second token to be used to authorize the customer device to access the resource;
generating, by the server, an association identifying the identifier of the customer device, the first token, and the second token, wherein the association is configured to provide the customer device access to the resource by permitting a second request from the customer device subsequent to the first request;
transmitting, by the server to the gateway, a response to provide the customer device access to the resource in accordance with the association;
applying, by the server, a policy identifying a plurality of conditions to determine whether the association is to be maintained or revoked;
determining, by the server, that the association satisfies a condition of the plurality of conditions to revoke; and
disabling, by the server, the association to restrict the customer device from accessing the resource, responsive to determining that the association satisfies the condition to revoke.
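The flow recited in claim 1, sketched as an added Python example (not code from the patent or its assignee). Assumptions: the gateway token is an HMAC over the device identifier with a per-gateway key, the gateway names and keys are constructed sample data, and the two revocation conditions (`max_age`, `idle`) are hypothetical stand-ins for the claim's unspecified "plurality of conditions".

```python
import hashlib
import hmac
import secrets

# Constructed sample data: gateways trusted to authenticate on the server's behalf.
TRUSTED_GATEWAYS = {"gw-east": b"constructed-key-east", "gw-west": b"constructed-key-west"}
# Hypothetical policy: a condition returning True means the association is revoked.
POLICY = {
    "max_age": lambda a, now: now - a["created"] > 3600,
    "idle": lambda a, now: now - a["last_seen"] > 900,
}

def gateway_issue_token(gateway_id, device_id):
    """Gateway side: first token, issued once the gateway has authenticated the device."""
    key = TRUSTED_GATEWAYS[gateway_id]
    return hmac.new(key, device_id.encode(), hashlib.sha256).hexdigest()

class Server:
    def __init__(self):
        self.associations = {}  # second token -> association record

    def first_request(self, gateway_id, device_id, first_token, now):
        """Validate the first token against a trusted gateway, then mint the second token."""
        key = TRUSTED_GATEWAYS.get(gateway_id)
        if key is None:
            return None  # gateway is not in the trusted set
        expected = hmac.new(key, device_id.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), first_token.encode()):
            return None  # token was not produced by that gateway for this device
        second_token = secrets.token_urlsafe(32)
        self.associations[second_token] = {
            "device_id": device_id, "first_token": first_token,
            "second_token": second_token, "created": now,
            "last_seen": now, "active": True,
        }
        return second_token

    def second_request(self, device_id, second_token, now):
        """Permit the request only while the association exists, matches, and passes policy."""
        a = self.associations.get(second_token)
        if a is None or not a["active"] or a["device_id"] != device_id:
            return False
        for name, revoke_if in POLICY.items():
            if revoke_if(a, now):
                a["active"], a["revoked_by"] = False, name  # disable the association
                return False
        a["last_seen"] = now
        return True
```

Because the second token is checked together with the device identifier stored in the association, a second token presented with a different device identifier is refused.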