Systems and methods for providing single sign-on authentication services

US 10,382,428 B2
Filed: 09/21/2016
Issued: 08/13/2019
Est. Priority Date: 09/21/2016
Status: Active Grant

First Claim

Patent Images

1. A system for providing single sign-on services between a user device and a plurality of application servers providing application services, the system comprising:

a system server coupled to a plurality of application servers, the plurality of application servers providing application services to a user, the system server operating to;

register a user device associated with a user based on receiving one or more passwords from the user device for accessing application services provided by the plurality of application servers;

receive, from the user device, a request to access one of the plurality of application servers, the received request including data encrypted at the user device using a first corresponding key of a first key pair, the first key pair being generated by the system server based on a key threshold allowing the first key pair to be updated systematically or periodically or both, the first corresponding key associated with identifier data associated with the user device;

analyze the received request to identify the user device and a first key of the first key pair for decrypting the encrypted data, the first key being associated with the user device, and a password stored at the system server, the password being previously provided by the user for accessing the one of the plurality of application servers;

decrypt the encrypted data using the first key;

generate a second key using the password;

encrypt the decrypted data using the second key; and

transmit, to the one of the plurality of application servers, the data encrypted using the second key for the one of the plurality of application servers to provide at least one of the application services to the user based on the transmitted data by identifying the second key and identifying a second corresponding key based on the identified second key and decrypting the transmitted data using the identified second corresponding key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the disclosure enable a system to provide authentication services. The system includes a system server that receives data associated with an application service, uses a first key associated with a device identifier corresponding to a user device to decrypt the data associated with the application service, uses a second key associated with a password stored at the system server to encrypt the data associated with the application service, and transmits, to an application server, the data associated with the application service such that the application server is configured to provide the application service for a user associated with the user device. Aspects of the disclosure provide for transmitting sensitive data in a secure and user-friendly manner.

66 Citations

View as Search Results

20 Claims

1. A system for providing single sign-on services between a user device and a plurality of application servers providing application services, the system comprising:
- a system server coupled to a plurality of application servers, the plurality of application servers providing application services to a user, the system server operating to;
  
  register a user device associated with a user based on receiving one or more passwords from the user device for accessing application services provided by the plurality of application servers;
  
  receive, from the user device, a request to access one of the plurality of application servers, the received request including data encrypted at the user device using a first corresponding key of a first key pair, the first key pair being generated by the system server based on a key threshold allowing the first key pair to be updated systematically or periodically or both, the first corresponding key associated with identifier data associated with the user device;
  
  analyze the received request to identify the user device and a first key of the first key pair for decrypting the encrypted data, the first key being associated with the user device, and a password stored at the system server, the password being previously provided by the user for accessing the one of the plurality of application servers;
  
  decrypt the encrypted data using the first key;
  
  generate a second key using the password;
  
  encrypt the decrypted data using the second key; and
  
  transmit, to the one of the plurality of application servers, the data encrypted using the second key for the one of the plurality of application servers to provide at least one of the application services to the user based on the transmitted data by identifying the second key and identifying a second corresponding key based on the identified second key and decrypting the transmitted data using the identified second corresponding key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein the system server further operates to:
    - receive a request to register the user device; and
      
      map one or more of a device identifier to the user device or one or more passwords to the plurality of application servers.
  - 3. The system of claim 1, wherein one or more passwords are stored on the system server and the system server selects a password of the one or more passwords, based on the received request.
  - 4. The system of claim 1, wherein the system server further operates to:
    - transmit, to the user device, the first key pair.
  - 5. The system of claim 1, wherein account data is used to authenticate the user.
  - 6. The system of claim 1, wherein the system server further operates to:
    - receive, from the user device, a request to access the one of the plurality of application servers; and
      
      determine whether the user device is authorized to access the one of the plurality of application servers.
  - 7. The system of claim 1, wherein the system server further operates to:
    - generate a key generator for generating a key pair including one of the first key or the second key; and
      
      transmit the key generator to the user device or one or more application servers of the plurality of the application servers.
  - 8. The system of claim 1, wherein the system server has access to account data and stores the account data to at least authenticate the user device.
  - 9. The system of claim 1, wherein the system server further operates to:
    - receive, from the user device, a request to access one of the plurality of application servers; and
      
      determine if the user device is authorized to access the one of the plurality of application servers.
  - 10. The system of claim 1, wherein the system server further operates to analyze the received data destined for the at least one of the application services to identify, from the plurality of application servers, the one of the plurality of application servers.
  - 11. The system of claim 1, wherein the one of the plurality of application servers further receives, from the system server, the transmitted data associated with the at least one of the application services;
    - and uses a second corresponding key to decrypt the transmitted data to provide the application services.
  - 12. The system of claim 1, wherein registering the user device for accessing application services provided by the plurality of application servers comprises registering the user device for the application services provided by the plurality of application servers for preapproved applications associated with the user device.
  - 13. The system of claim 1, wherein the one of the plurality of application servers further determines whether the user device or the system server or both are authorized to access the one of the plurality of application servers.

14. One or more computer storage media embodied with instructions executable by one or more processors for providing single sign-on services between a user device and a plurality of application servers providing application services, that when executed by the one or more processors perform operations comprising:
- registering, by a system server, a user device associated with a user based on receiving one or more passwords from the user device for accessing application services provided by the plurality of application servers;
  
  receiving, from the user device, a request to access one of the plurality of application servers, the received request including data encrypted at the user device using a first corresponding key of a first key pair, the first key pair being generated by the system server based on a key threshold allowing the first key pair to be updated systematically or periodically or both, the first corresponding key associated with identifier data associated with the user device;
  
  analyzing the received request to identify the user device and a first key of the first key pair for decrypting the encrypted data, the first key being associated with the user device, and a password stored at the system server, the password being previously provided by the user for accessing the one of the plurality of application servers;
  
  decrypting the encrypted data using the first key;
  
  generating a second key using the password;
  
  encrypting the decrypted data using the second key; and
  
  transmitting, to the one of the plurality of application servers, the data encrypted using the second key for the one of the plurality of application servers to provide at least one of the application services to the user based on the transmitted data by identifying the second key and identifying a second corresponding key based on the identified second key and decrypting the transmitted data using the identified second corresponding key.
- View Dependent Claims (15, 16)
- - 15. The one or more computer storage media of claim 14, wherein the instructions executed by the one or more processors perform further operations comprising obtaining a request to register the user device, and processing the request such that the device identifier is mapped to the user device.
  - 16. The one or more computer storage media of claim 14, wherein account data is used to authenticate the user.

17. A computer-implemented method for providing single sign-on services between a user device and a plurality of application servers providing application services, the computer-implemented method comprising:
- registering, by a system server, a user device associated with a user based on receiving one or more passwords from the user device for accessing application services provided by the plurality of application servers;
  
  receiving, from the user device, a request to access one of the plurality of application servers, the received request including data encrypted at the user device using a first corresponding key of a first key pair, the first key pair being generated by the system server based on a key threshold allowing the first key pair to be updated systematically or periodically or both, the first corresponding key associated with identifier data associated with the user device;
  
  analyzing the received request to identify the user device and a first key of the first key pair for decrypting the encrypted data, the first key being associated with the user device, and a password stored at the system server, the password being previously provided by the user for accessing the one of the plurality of application servers;
  
  decrypting the encrypted data using the first key;
  
  generating a second key using the password;
  
  encrypting the decrypted data using the second key; and
  
  transmitting, to the one of the plurality of application servers, the data encrypted using the second key for the one of the plurality of application servers to provide at least one of the application services to the user based on the transmitted data by identifying the second key and identifying a second corresponding key based on the identified second key and decrypting the transmitted data using the identified second corresponding key.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-implemented method of claim 17 wherein the first key is generated based on a first key threshold being satisfied.
  - 19. The computer-implemented method of claim 17 further comprising:
    - transmitting, to the user device, the first key pair.
  - 20. The computer-implemented method of claim 17, wherein the system server communicates with the one of the plurality of application servers which is associated with a set of preapproved applications associated with the user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Gummididala, Srinivas M, Pappula, Vikram, Jangi, Arvind
Primary Examiner(s)
Zarrineh, Shahriar

Application Number

US15/271,438
Publication Number

US 20180083952A1
Time in Patent Office

1,056 Days
Field of Search

713168
US Class Current
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 9/321   involving a third party or ...

Systems and methods for providing single sign-on authentication services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

66 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing single sign-on authentication services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links