Authentication context transfer for accessing computing resources via single sign-on with single use access tokens

US 10,382,426 B2
Filed: 07/02/2015
Issued: 08/13/2019
Est. Priority Date: 07/02/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for accessing computing resources using secure single sign-on authentication, the method comprising:

authenticating, by any of one or more computer processors, data representing a security credential of a user;

generating, by any of the one or more computer processors, a single use access token in response to authentication of the security credential of the user, the single use access token being configured to expire for purposes of validation after a single such validation of the security credential of the user occurs against the single use access token by any application utilizing the single use access token, the single use access token including data representing the security credential of the user, wherein to expire includes marking done the single use access token;

generating, by any of the one or more computer processors, executable code that includes the single use access token therein, wherein the executable code functions to transfer the single use access token; and

digitally signing, by any of the one or more computer processors, the executable code with a digital signature;

wherein, the executable code comprises instructions that, when provided onto and executed by a computing device of the user cause the computing device to check the validity of the digital signature included with the executable code and, in response to validating the digital signature included with the executable code, install at least one application that utilizes the single use access token and the single use access token onto a computer-readable medium of the computing device of the user,further cause the at least one application to validate the single use access token transferred to the computing device by the executable code with a single use token service, andfurther cause the at least one application to use the validated single use access token as the security credential of the user to access a protected computing resource without requiring entry of the security credential of the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for accessing computing resources using secure single sign on authentication with a single use access token, including website-to-desktop application delivery and secure transfer of context information from the website to the desktop application once valid security credentials are provided from the same end-user computing device. A user signs onto a web application once using the security credentials. A web-based single use token generator generates a single use access token based on the user-supplied security credentials. A web-based context embedder service dynamically generates a context carrier and transfer application including the single use access token. The context carrier and transfer application is provided to an end-user computing device, which, when executed locally, installs a desktop application onto the end-user computing device. The desktop application utilizes the single use access token to access a secure, cloud-based computing resource. The single use access token expires after one use.

Citations

12 Claims

1. A computer-implemented method for accessing computing resources using secure single sign-on authentication, the method comprising:
- authenticating, by any of one or more computer processors, data representing a security credential of a user;
  
  generating, by any of the one or more computer processors, a single use access token in response to authentication of the security credential of the user, the single use access token being configured to expire for purposes of validation after a single such validation of the security credential of the user occurs against the single use access token by any application utilizing the single use access token, the single use access token including data representing the security credential of the user, wherein to expire includes marking done the single use access token;
  
  generating, by any of the one or more computer processors, executable code that includes the single use access token therein, wherein the executable code functions to transfer the single use access token; and
  
  digitally signing, by any of the one or more computer processors, the executable code with a digital signature;
  
  wherein, the executable code comprises instructions that, when provided onto and executed by a computing device of the user cause the computing device to check the validity of the digital signature included with the executable code and, in response to validating the digital signature included with the executable code, install at least one application that utilizes the single use access token and the single use access token onto a computer-readable medium of the computing device of the user,further cause the at least one application to validate the single use access token transferred to the computing device by the executable code with a single use token service, andfurther cause the at least one application to use the validated single use access token as the security credential of the user to access a protected computing resource without requiring entry of the security credential of the user.
- View Dependent Claims (2)
- - 2. The method of claim 1, further comprising storing a copy of data representing the single use access token separately from the executable code and in a single use token store.

3. A computer-implemented method for accessing computing resources using secure single sign-on authentication, the method comprising:
- prompting, by a computer processor, a user to provide a security credential on a first occasion;
  
  sending, by the computer processor, the security credential of the user to a remote computing system via a browser;
  
  receiving, by the computer processor and in response to authentication of the security credential of the user by the remote computing system, executable code that includes a single use access token therein, the single use access token including data representing the security credential of the user, wherein the executable code is digitally signed with a digital signature, wherein the executable code functions to transfer the single use access token, the single use access token being configured to expire for purposes of validation after a single such validation of the security credential of the user occurs against the single use access token by any application utilizing the single use access token;
  
  validating, by the computer processor, the digital signature included with the executable code; and
  
  in response to validating the digital signature included with the executable code,installing, by the computer processor as a result of execution of the executable code, a desktop application that utilizes the single use access token and the single use access token onto a computer-readable medium, the desktop application being different than the browser;
  
  validating, via execution of the desktop application, the single use access token with a single use token service; and
  
  using, via execution of the desktop application, the validated single use access token as the security credential of the user to access a protected computing resource without requiring entry of the security credentials of the user.
- View Dependent Claims (4, 5, 6)
- - 4. The method of claim 3, further comprising validating, by the computer processor and via the desktop application, the single use access token without prompting the user to provide the security credential on a second, subsequent occasion.
  - 5. The method of claim 4, further comprising at least one of expiring and marking done, by the computer processor, the single use access token.
  - 6. The method of claim 3, further comprising prompting the user to provide the security credential on a second, subsequent occasion in response to receiving an invalid or expired single use access token included with the executable code.

7. A system comprising:
- a non-transitory storage; and
  
  one or more computer processors at least partly implemented in hardware and operatively coupled to the storage, the one or more computer processors configured to execute instructions stored in the storage that when executed cause any of the one or more computer processors to carry out a process comprising;
  
  receiving data representing a security credential of a user;
  
  authenticating the security credential of the user;
  
  generating a single use access token in response to authentication of the security credential of the user, the single use access token being configured to expire for purposes of validation after a single such validation of the security credential of the user occurs against the single use access token by any application utilizing the single use access token, the single use access token including data representing the security credential of the user, wherein to expire includes marking done the single use access token;
  
  generating executable code that includes the single use access token therein, wherein the executable code functions to transfer the single use access token; and
  
  digitally signing the executable code with a digital signature;
  
  wherein the executable code comprises instructions that, when provided onto and executed by a computing device of the user,cause the computing device to check the validity of the digital signature included with the executable code and, in response to validating the digital signature included with the executable code, install at least one application that utilizes the single use access token and the single use access token onto a computer-readable medium of the computing device of the user,further cause the at least one application to validate the single use access token transferred to the computing device by the executable code with a single use token service, andfurther cause the at least one application to use the validated single use access token as the security credential of the user to access a protected computing resource without requiring entry of the security credential of the user.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the process further comprises storing a copy of data representing the single use access token separately from the executable code and in a single use token store.
  - 9. The system of claim 7, wherein the process further comprises:
    - prompting, via a web application, a user to provide a security credential on a first occasion;
      
      authenticating the security credential of the user via the web application; and
      
      generating, in response to authentication of the security credential, the executable code having the single use access token encoded therewith.
  - 10. The system of claim 9, wherein the process further comprises validating, via the application, the single use access token without prompting the user to provide the security credential on a second, subsequent occasion.
  - 11. The system of claim 10, wherein the process further comprises at least one of expiring and marking done the single use access token subsequent to the validating of the single use access token.
  - 12. The system of claim 9, wherein the process further comprises prompting the user to provide the security credential on a second, subsequent occasion in response to receiving an invalid or expired single use access token included with the executable code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Inc.
Inventors
Falodiya, Aditya
Primary Examiner(s)
Kabir, Jahangir

Application Number

US14/790,985
Publication Number

US 20170006020A1
Time in Patent Office

1,503 Days
Field of Search

726 6
US Class Current
CPC Class Codes

G06F 8/61   Installation

H04L 63/0815   providing single-sign-on or...

H04L 63/0838   using one-time-passwords

Authentication context transfer for accessing computing resources via single sign-on with single use access tokens

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication context transfer for accessing computing resources via single sign-on with single use access tokens

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links