&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
</head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12413575.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,413,575 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Authenticating and authorizing api calls with multiple factors</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Martin Smolny,  Boeblingen (DE); and  Marco Pavone,  Ehningen (DE)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  INTERNATIONAL BUSINESS MACHINES CORPORATION,  Armonk, NY (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  INTERNATIONAL BUSINESS MACHINES CORPORATION,  Armonk, NY (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Mar.  23, 2022, as Appl. No. 17/701,861.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2023/0308432 A1, Sep.  28, 2023</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/083</b></i> (2013.01)&#xa0;[<i><b>H04L 63/102</b></i> (2013.01); <i><b>H04L 63/166</b></i> (2013.01); <i><b>H04L 63/20</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12413575-20250909-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A computer-implemented method for authenticating and authorizing a user identifier to access a service secured by an identity access management system, wherein said service is activated through a service application programming interface that requires a two-factor authorization to initiate execution of said service for said requesting user identifier, wherein said method comprises:<div class="claim_text">generating, by an identity access management system, a client certificate, wherein said client certificate corresponds to a client device, and wherein said client certificate constitutes first data;</div>
                <div class="claim_text">receiving, by one or more processors, a service request together with said first data for a first authentication method and second data for a second authentication method, wherein said service request connects with an application programming interface of said service;</div>
                <div class="claim_text">confirming, by the one or more processors, a correctness of said first data as a first identity pass key using said first authentication method;</div>
                <div class="claim_text">generating, by the identity access management system, upon confirming the correctness of said first data, an application programming interface key, wherein said application programming interface key constitutes said second data;</div>
                <div class="claim_text">confirming, by the one or more processors, a correctness of said second data as a second identity pass key using said second authentication method, wherein a confirmed first identity pass key is included as input to said second authentication method, and wherein said second authentication method differs from said first authentication method; and</div>
                <div class="claim_text">executing, by the one or more processors, said service, in response to receipt of said confirmed correctness of both said first identity pass key and said second identity pass key wherein based on a first policy of the first identity pass key and a second policy of the second identity pass key of the identity access management system said first identity pass key and said second identity pass key authorize a first action based on the first policy and a second action based on the second policy of said service.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>