Systems and methods for providing single sign-on authentication services
First Claim
1. A system for providing single sign-on services between a user device and a plurality of application servers providing application services, the system comprising:
a system server coupled to a plurality of application servers, the plurality of application servers providing application services to a user, the system server operating to:
register a user device associated with a user based on receiving one or more passwords from the user device for accessing application services provided by the plurality of application servers;
receive, from the user device, a request to access one of the plurality of application servers, the received request including data encrypted at the user device using a first corresponding key of a first key pair, the first key pair being generated by the system server based on a key threshold allowing the first key pair to be updated systematically or periodically or both, the first corresponding key associated with identifier data associated with the user device;
analyze the received request to identify the user device and a first key of the first key pair for decrypting the encrypted data, the first key being associated with the user device, and a password stored at the system server, the password being previously provided by the user for accessing the one of the plurality of application servers;
decrypt the encrypted data using the first key;
generate a second key using the password;
encrypt the decrypted data using the second key; and
transmit, to the one of the plurality of application servers, the data encrypted using the second key for the one of the plurality of application servers to provide at least one of the application services to the user based on the transmitted data by identifying the second key and identifying a second corresponding key based on the identified second key and decrypting the transmitted data using the identified second corresponding key.
Abstract
Embodiments of the disclosure enable a system to provide authentication services. The system includes a system server that receives data associated with an application service, uses a first key associated with a device identifier corresponding to a user device to decrypt the data associated with the application service, uses a second key associated with a password stored at the system server to encrypt the data associated with the application service, and transmits, to an application server, the data associated with the application service such that the application server is configured to provide the application service for a user associated with the user device. Aspects of the disclosure provide for transmitting sensitive data in a secure and user-friendly manner.
Claims (20 claims, 66 citations)
1. Independent claim; its text is given in full under First Claim above. Dependent claims: 2 to 13.
14. One or more computer storage media embodied with instructions executable by one or more processors for providing single sign-on services between a user device and a plurality of application servers providing application services, that when executed by the one or more processors perform operations comprising:
registering, by a system server, a user device associated with a user based on receiving one or more passwords from the user device for accessing application services provided by the plurality of application servers;
receiving, from the user device, a request to access one of the plurality of application servers, the received request including data encrypted at the user device using a first corresponding key of a first key pair, the first key pair being generated by the system server based on a key threshold allowing the first key pair to be updated systematically or periodically or both, the first corresponding key associated with identifier data associated with the user device;
analyzing the received request to identify the user device and a first key of the first key pair for decrypting the encrypted data, the first key being associated with the user device, and a password stored at the system server, the password being previously provided by the user for accessing the one of the plurality of application servers;
decrypting the encrypted data using the first key;
generating a second key using the password;
encrypting the decrypted data using the second key; and
transmitting, to the one of the plurality of application servers, the data encrypted using the second key for the one of the plurality of application servers to provide at least one of the application services to the user based on the transmitted data by identifying the second key and identifying a second corresponding key based on the identified second key and decrypting the transmitted data using the identified second corresponding key.
Dependent claims: 15, 16.
17. A computer-implemented method for providing single sign-on services between a user device and a plurality of application servers providing application services, the computer-implemented method comprising:
registering, by a system server, a user device associated with a user based on receiving one or more passwords from the user device for accessing application services provided by the plurality of application servers;
receiving, from the user device, a request to access one of the plurality of application servers, the received request including data encrypted at the user device using a first corresponding key of a first key pair, the first key pair being generated by the system server based on a key threshold allowing the first key pair to be updated systematically or periodically or both, the first corresponding key associated with identifier data associated with the user device;
analyzing the received request to identify the user device and a first key of the first key pair for decrypting the encrypted data, the first key being associated with the user device, and a password stored at the system server, the password being previously provided by the user for accessing the one of the plurality of application servers;
decrypting the encrypted data using the first key;
generating a second key using the password;
encrypting the decrypted data using the second key; and
transmitting, to the one of the plurality of application servers, the data encrypted using the second key for the one of the plurality of application servers to provide at least one of the application services to the user based on the transmitted data by identifying the second key and identifying a second corresponding key based on the identified second key and decrypting the transmitted data using the identified second corresponding key.
Dependent claims: 18, 19, 20.
Specification