System and method for securing authentication information in a networked environment
First Claim
1. A system, comprising:
- a remote service comprising instructions on a non-transitory computer for executing on a processor of a computing device coupled to a network, the instructions for:
in response to an access over the network to the remote service operated by a first party from a client device operated by a second party, providing an authentication module and a public key from the remote service to the client device operated by the second party over the network, the authentication module for encrypting original authentication information provided by the first party at the client device with the public key to generate encrypted authentication information;
receiving the encrypted authentication information from the client device operated by the second party at the remote service operated by the first party over the network;
providing, over the network, the encrypted authentication information to an on-premises component behind a firewall of an enterprise operated by a third party distinct from the first party, wherein the enterprise is one of a plurality of enterprises and the public key is one of a plurality of public keys, each enterprise of the plurality of enterprises having an associated public key of the plurality of public keys stored at the remote service; and
receiving a result of a validation from the on-premises component of the enterprise operated by the third party at the remote service operated by the first party over the network, wherein the on-premises component determines the result of the validation by decrypting the provided encrypted authentication information using a private key corresponding to the public key provided by the remote service operated by the second party to obtain the original authentication information, performing the validation on the original authentication information, and returning the result of the validation to the remote service over a network.
4 Assignments
0 Petitions
Abstract
This disclosure is directed to systems and methods for securely communicating authentication information in a networked environment such as one involving a client device, a cloud-based computing platform, and an enterprise computing environment. Some embodiments may include encrypting, by a client device using a public key, authentication information provided by a user. The encrypted authentication information is sent to a cloud-based service which then sends it to an on-premises component residing behind a firewall of an enterprise. The on-premises component decrypts the authentication information using a private key, validates the authentication information, and returns the result to the cloud-based service over a network. If validated, the cloud-based service establishes a secure connection between the client device and the on-premises component such that the user can access the enterprise's content without the enterprise having to share the authentication information with the cloud-based service.
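The relay flow described in the abstract, as an added Python model that is not part of the patent or of any product: the client encrypts the credential with the public key the cloud service hands out for the chosen enterprise, the cloud service stores only public keys and forwards the ciphertext, and the on-premises component decrypts, validates and returns a bare yes/no. The public-key primitive is a toy unpadded RSA over fixed Mersenne primes so the example runs on the standard library alone (it is a stand-in for RSA-OAEP or hybrid encryption, not a scheme to deploy); the enterprise names, users and passwords are constructed.

```python
# Added model of the abstract's flow; the toy RSA below is an insecure stand-in
# for a real scheme (RSA-OAEP or hybrid encryption) so this runs on stdlib only.
import hashlib
import hmac
BLOCK = 16  # 128-bit plaintext blocks; callers must pick primes with p*q > 2**128

def toy_keypair(p, q):
    """Textbook RSA keypair from two primes: returns (public, private)."""
    n, e = p * q, 65537
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def pk_encrypt(pub, data: bytes) -> list:
    n, e = pub
    pad = BLOCK - len(data) % BLOCK          # PKCS#7-style length padding
    data += bytes([pad]) * pad
    return [pow(int.from_bytes(data[i:i + BLOCK], "big"), e, n)
            for i in range(0, len(data), BLOCK)]

def pk_decrypt(priv, blocks: list) -> bytes:
    n, d = priv
    data = b"".join(pow(c, d, n).to_bytes(BLOCK, "big") for c in blocks)
    return data[:-data[-1]]

def pw_digest(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

class OnPrem:
    """Enterprise-side validator behind the firewall; the only holder of the private key."""
    def __init__(self, priv, users):
        self.priv, self.users = priv, users   # users: name -> pw_digest(password)
    def validate(self, encrypted) -> bool:
        user, _, pw = pk_decrypt(self.priv, encrypted).decode().partition(":")
        return hmac.compare_digest(pw_digest(pw), self.users.get(user, ""))

class CloudService:
    """Relay run by the first party: one public key per enterprise, never a private key."""
    def __init__(self):
        self.pubkeys, self.onprem, self.seen = {}, {}, []
    def register(self, enterprise, pub, onprem):
        self.pubkeys[enterprise], self.onprem[enterprise] = pub, onprem
    def public_key_for(self, enterprise):
        return self.pubkeys[enterprise]       # shipped to the client with the auth module
    def login(self, enterprise, encrypted) -> bool:
        self.seen.append(encrypted)           # everything the relay ever observes
        return self.onprem[enterprise].validate(encrypted)  # only a yes/no comes back

def client_login(cloud, enterprise, user, password) -> bool:
    """The authentication module on the client device: encrypt, then hand off."""
    encrypted = pk_encrypt(cloud.public_key_for(enterprise), f"{user}:{password}".encode())
    return cloud.login(enterprise, encrypted)
```

The check worth keeping from this model is on `CloudService.seen`: after any number of logins it holds only ciphertext, so the relay can be audited for never having held a plaintext credential.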
15 Citations
18 Claims
- 1. A system, comprising: (claim text as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6.
- 7. A non-transitory computer readable media storing instructions executable on a processor for:
in response to an access over a network to a remote service operated by a first party from a client device operated by a second party, providing an authentication module and a public key from the remote service to the client device operated by the second party over the network, the authentication module for encrypting original authentication information provided by the first party at the client device with the public key to generate encrypted authentication information;
receiving the encrypted authentication information from the client device operated by the second party at the remote service operated by the first party over the network;
providing, over the network, the encrypted authentication information to an on-premises component behind a firewall of an enterprise operated by a third party distinct from the first party, wherein the enterprise is one of a plurality of enterprises and the public key is one of a plurality of public keys, each enterprise of the plurality of enterprises having an associated public key of the plurality of public keys stored at the remote service; and
receiving a result of a validation from the on-premises component of the enterprise operated by the third party at the remote service operated by the first party over the network, wherein the on-premises component determines the result of the validation by decrypting the provided encrypted authentication information using a private key corresponding to the public key provided by the remote service operated by the second party to obtain the original authentication information, performing the validation on the original authentication information, and returning the result of the validation to the remote service over a network.
Dependent claims: 8, 9, 10, 11, 12.
- 13. A method, comprising:
in response to an access over a network to a remote service operated by a first party from a client device operated by a second party, providing an authentication module and a public key from the remote service to the client device operated by the second party over the network, the authentication module for encrypting original authentication information provided by the first party at the client device with the public key to generate encrypted authentication information;
receiving the encrypted authentication information from the client device operated by the second party at the remote service operated by the first party over the network;
providing, over the network, the encrypted authentication information to an on-premises component behind a firewall of an enterprise operated by a third party distinct from the first party, wherein the enterprise is one of a plurality of enterprises and the public key is one of a plurality of public keys, each enterprise of the plurality of enterprises having an associated public key of the plurality of public keys stored at the remote service;
receiving a result of a validation from the on-premises component of the enterprise operated by the third party at the remote service operated by the first party over the network, wherein the on-premises component determines the result of the validation by decrypting the provided encrypted authentication information using a private key corresponding to the public key provided by the remote service operated by the second party to obtain the original authentication information, performing the validation on the original authentication information, and returning the result of the validation to the remote service over a network.
Dependent claims: 14, 15, 16, 17, 18.
Specification