Systems and methods for state-less authentication
Abstract
Systems and methods for providing user logon and state-less authentication in a distributed processing environment are described. Upon an attempted access by a user to an online resource, transaction, or record, a logon component asks the user to supply a logon ID and a password. The logon component verifies the provided information and, upon successful identification, constructs a security context from information relevant to the user. The security context is sent to the user and is presented to the system each time the user attempts to invoke a new resource, such as a program object, transaction, record, or certified printer, avoiding the need for repeated logon processing.
41 Claims
1. A method of enabling access to a resource of a processing system, comprising the steps of:
establishing a secure communication session between a user desiring access and a logon component of the processing system;
verifying that logon information, provided by the user to the logon component during the secure communication session, matches stored information identifying the user to the processing system;
generating a security context from the logon information and authorization information that is necessary for access to the resource;
providing the security context to the user; and
sending, by the user to the processing system, the security context and a request for access to the resource.
18. A method of accessing a resource of a processing system, comprising the steps of:
providing by a user logon information to a logon component of the processing system during a secure communication session between the user and the processing system;
verifying that the provided logon information matches stored information identifying the user to the processing system;
generating a security context from the logon information and authorization information that is necessary for access to the resource, wherein the security context comprises a plaintext header and an encrypted body;
the plaintext header comprises a security context ID, a key handle, and an algorithm identifier and key size; and
the encrypted body comprises at least one of a user identifier, an organization identifier, access information, an expiration time, public key information, symmetric key information, and a hash;
providing the security context to the user;
sending, by the user to the processing system, the security context and a request for access to the resource; and
determining, by a stateless component of the processing system, based on the security context sent with the request for access by the user, whether access to the requested resource should be granted to the user.
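The abstract and claim 18 describe a token whose plaintext header tells the verifier which key and algorithm to use, whose encrypted body carries the user, organization, access list, expiration and a hash, and which a stateless component checks on every request without a session lookup. The Python below is an added example, not code from the patent or from any product it covers; it shows one way to issue such a security context after a password check and to decide access from the token alone. The byte layout of the header, the HMAC-SHA256 counter-mode keystream standing in for whatever cipher the algorithm identifier would name, PBKDF2 for the stored logon information, the encrypt-then-MAC tag, and the names SERVER_KEYS, USER_DB, register_user, issue_security_context, authorize and flip_byte are all assumptions made for this example.

```python
"""Stateless security-context token modelled on claim 18 (added example).

Wire layout (an assumption; the claims name the fields, not the encoding):
  header, plaintext, 24 bytes: context ID (16) | key handle (4) | alg ID (2) | key size (2)
  body, encrypted JSON:        user_id, org_id, access, exp, hash
  tag, 32 bytes:               HMAC-SHA256 over header || encrypted body
"""
import base64
import hashlib
import hmac
import json
import os
import struct
import time

HEADER_FMT = ">16sIHH"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24 bytes
TAG_LEN = 32
ALG_HMAC_STREAM = 1                        # hypothetical algorithm identifier
KEY_BITS = 256
PBKDF2_ROUNDS = 100_000

SERVER_KEYS = {1: os.urandom(32)}   # stateless component's keys, by key handle (assumed)
USER_DB = {}                        # stands in for the information database of claim 29


def register_user(user_id, org_id, password, access):
    """Store a salted PBKDF2 hash of the password plus the user's resource ACL."""
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    USER_DB[user_id] = {"salt": salt, "pw_hash": pw_hash,
                        "org_id": org_id, "access": sorted(access)}


def _subkey(master, purpose):
    """Derive separate encryption and MAC keys from one key-handle master key."""
    return hmac.new(master, purpose, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    """Counter-mode keystream HMAC(key, nonce || counter); the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def _body_hash(fields):
    """Hash over the canonical JSON of the body fields; carried inside the body."""
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


def issue_security_context(user_id, password, now=None, ttl_seconds=900, key_handle=1):
    """Logon component: verify the credentials, then build the token; None on failure."""
    now = int(time.time()) if now is None else now
    rec = USER_DB.get(user_id)
    if rec is None:
        return None
    check = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
    if not hmac.compare_digest(check, rec["pw_hash"]):
        return None
    ctx_id = os.urandom(16)   # fresh per logon; doubles as the cipher nonce
    header = struct.pack(HEADER_FMT, ctx_id, key_handle, ALG_HMAC_STREAM, KEY_BITS)
    body = {"user_id": user_id, "org_id": rec["org_id"],
            "access": rec["access"], "exp": now + ttl_seconds}
    body["hash"] = _body_hash(body)
    master = SERVER_KEYS[key_handle]
    ct = _xor_stream(_subkey(master, b"enc"), ctx_id,
                     json.dumps(body, sort_keys=True).encode())
    tag = hmac.new(_subkey(master, b"mac"), header + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(header + ct + tag).decode()


def authorize(token, resource, now=None):
    """Stateless component: grant or deny from the token alone; returns (bool, reason)."""
    now = int(time.time()) if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token)
        ctx_id, key_handle, alg_id, key_bits = struct.unpack(HEADER_FMT, raw[:HEADER_LEN])
    except (ValueError, struct.error):
        return False, "malformed header"
    header, ct, tag = raw[:HEADER_LEN], raw[HEADER_LEN:-TAG_LEN], raw[-TAG_LEN:]
    master = SERVER_KEYS.get(key_handle)
    if master is None or alg_id != ALG_HMAC_STREAM or key_bits != KEY_BITS:
        return False, "unknown key handle or algorithm"
    expected = hmac.new(_subkey(master, b"mac"), header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # verify the tag before decrypting
        return False, "tag mismatch"
    try:
        body = json.loads(_xor_stream(_subkey(master, b"enc"), ctx_id, ct))
    except ValueError:
        return False, "body undecodable"
    if body.get("hash") != _body_hash({k: v for k, v in body.items() if k != "hash"}):
        return False, "body hash mismatch"
    if now >= body["exp"]:
        return False, "expired"
    if resource not in body["access"]:
        return False, "not authorized for resource"
    return True, "granted to %s/%s" % (body["org_id"], body["user_id"])


def flip_byte(token, offset):
    """Demonstration helper: the token with one byte at `offset` flipped (tamper test)."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[offset] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode()
```

Two design points are worth noting. The key handle and algorithm identifier sit in the clear so the stateless component can select its key without consulting any per-session store, which is what makes the check stateless; everything the decision depends on (identity, organization, access list, expiration) rides inside the authenticated body, and the tag is checked before the body is decrypted or parsed. The flip side of carrying no server state is that a context cannot be revoked before its expiration time without reintroducing state (a denylist or key rotation via a new key handle), so the ttl_seconds value is the real bound on exposure if a token leaks.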
29. A processing system having resources that are selectively accessible to users, the resources including processors, program objects, and records, the processing system comprising:
a communication device through which a user desiring access to a resource sends and receives information in a secure communication session with the processing system;
an information database that stores information identifying users to the processing system and authorization information that identifies resources accessible to users and that is necessary for access to resources; and
a logon component that communicates with the communication device and with the information database, wherein the logon component receives logon information provided by the user during the secure communication session, verifies the received logon information by matching against information identifying the user to the processing system that is retrieved from the information database, and generates a security context from the received logon information and authorization information;
wherein the logon component provides the security context to the user's communication device, and the user sends, to the processing system, the security context and a request for access to a resource.