Authentication context transfer for accessing computing resources via single sign-on with single use access tokens
First Claim
1. A computer-implemented method for accessing computing resources using secure single sign-on authentication, the method comprising:
authenticating, by any of one or more computer processors, data representing a security credential of a user;
generating, by any of the one or more computer processors, a single use access token in response to authentication of the security credential of the user, the single use access token being configured to expire for purposes of validation after a single such validation of the security credential of the user occurs against the single use access token by any application utilizing the single use access token, the single use access token including data representing the security credential of the user, wherein to expire includes marking done the single use access token;
generating, by any of the one or more computer processors, executable code that includes the single use access token therein, wherein the executable code functions to transfer the single use access token; and
digitally signing, by any of the one or more computer processors, the executable code with a digital signature;
wherein the executable code comprises instructions that, when provided onto and executed by a computing device of the user, cause the computing device to check the validity of the digital signature included with the executable code and, in response to validating the digital signature included with the executable code, install at least one application that utilizes the single use access token and the single use access token onto a computer-readable medium of the computing device of the user, further cause the at least one application to validate the single use access token transferred to the computing device by the executable code with a single use token service, and further cause the at least one application to use the validated single use access token as the security credential of the user to access a protected computing resource without requiring entry of the security credential of the user.
Abstract
Techniques are disclosed for accessing computing resources using secure single sign on authentication with a single use access token, including website-to-desktop application delivery and secure transfer of context information from the website to the desktop application once valid security credentials are provided from the same end-user computing device. A user signs onto a web application once using the security credentials. A web-based single use token generator generates a single use access token based on the user-supplied security credentials. A web-based context embedder service dynamically generates a context carrier and transfer application including the single use access token. The context carrier and transfer application is provided to an end-user computing device, which, when executed locally, installs a desktop application onto the end-user computing device. The desktop application utilizes the single use access token to access a secure, cloud-based computing resource. The single use access token expires after one use.
12 Claims
3. A computer-implemented method for accessing computing resources using secure single sign-on authentication, the method comprising:
prompting, by a computer processor, a user to provide a security credential on a first occasion;
sending, by the computer processor, the security credential of the user to a remote computing system via a browser;
receiving, by the computer processor and in response to authentication of the security credential of the user by the remote computing system, executable code that includes a single use access token therein, the single use access token including data representing the security credential of the user, wherein the executable code is digitally signed with a digital signature, wherein the executable code functions to transfer the single use access token, the single use access token being configured to expire for purposes of validation after a single such validation of the security credential of the user occurs against the single use access token by any application utilizing the single use access token;
validating, by the computer processor, the digital signature included with the executable code; and
in response to validating the digital signature included with the executable code, installing, by the computer processor as a result of execution of the executable code, a desktop application that utilizes the single use access token and the single use access token onto a computer-readable medium, the desktop application being different than the browser;
validating, via execution of the desktop application, the single use access token with a single use token service; and
using, via execution of the desktop application, the validated single use access token as the security credential of the user to access a protected computing resource without requiring entry of the security credentials of the user.
Dependent claims: 4, 5, 6.
7. A system comprising:
a non-transitory storage; and
one or more computer processors at least partly implemented in hardware and operatively coupled to the storage, the one or more computer processors configured to execute instructions stored in the storage that when executed cause any of the one or more computer processors to carry out a process comprising:
receiving data representing a security credential of a user;
authenticating the security credential of the user;
generating a single use access token in response to authentication of the security credential of the user, the single use access token being configured to expire for purposes of validation after a single such validation of the security credential of the user occurs against the single use access token by any application utilizing the single use access token, the single use access token including data representing the security credential of the user, wherein to expire includes marking done the single use access token;
generating executable code that includes the single use access token therein, wherein the executable code functions to transfer the single use access token; and
digitally signing the executable code with a digital signature;
wherein the executable code comprises instructions that, when provided onto and executed by a computing device of the user, cause the computing device to check the validity of the digital signature included with the executable code and, in response to validating the digital signature included with the executable code, install at least one application that utilizes the single use access token and the single use access token onto a computer-readable medium of the computing device of the user, further cause the at least one application to validate the single use access token transferred to the computing device by the executable code with a single use token service, and further cause the at least one application to use the validated single use access token as the security credential of the user to access a protected computing resource without requiring entry of the security credential of the user.
Dependent claims: 8, 9, 10, 11, 12.
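The flow the abstract and claims 1, 3 and 7 describe (issue a single use token after sign-on, embed it in a signed carrier, verify the signature on the client before installing, validate the token exactly once with the token service and mark it done), as an added Python sketch that is not part of the patent. It assumes HMAC-SHA256 with a shared key as a stand-in for the digital signature, an in-memory dictionary as the token service's store, and the subject name as the "credential" the token carries.

```python
import hashlib
import hmac
import json
import secrets

class SingleUseTokenService:
    """Issues tokens after authentication and honours each token exactly once."""

    def __init__(self):
        self._tokens = {}  # token -> {"subject": str, "done": bool} (assumed in-memory store)

    def issue(self, subject):
        """Called after the web sign-on succeeds; binds a fresh random token to the user."""
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"subject": subject, "done": False}
        return token

    def validate(self, token):
        """Return the bound subject on the first validation; None on replay or unknown token."""
        entry = self._tokens.get(token)
        if entry is None or entry["done"]:
            return None
        entry["done"] = True  # "marking done": the token expires after this validation
        return entry["subject"]

def build_carrier(token, signing_key):
    """Context embedder: wrap the token in the carrier payload and sign it.
    Assumption: HMAC-SHA256 over the payload stands in for the real digital signature."""
    payload = json.dumps({"token": token, "installer": "desktop-app"}).encode()
    tag = hmac.new(signing_key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"\n" + tag

def verify_carrier(carrier, signing_key):
    """Client side: check the signature before installing anything.
    Returns the embedded token, or None if the carrier was altered in transit."""
    payload, _, tag = carrier.rpartition(b"\n")
    expected = hmac.new(signing_key, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(payload)["token"]

def desktop_app_access(token, service):
    """Desktop application: validate the transferred token once with the service
    and use the result as the credential for the protected resource."""
    return service.validate(token)  # subject on success, None if replayed or unknown
```

A second validation of the same token returns None, so a captured carrier cannot be replayed once the legitimate desktop application has used it.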