Single sign-on process
Abstract
Single sign-on process allowing a mobile user with a mobile phone or with a laptop to remote-access a remote server, comprising the steps of:
(1) sending a first authenticator over a first communication layer to a first intermediate equipment between said mobile equipment and said remote server,
(2) verifying in said first intermediate equipment said first authenticator sent by said mobile equipment,
(3) if said first authenticator is accepted by said first intermediate equipment, completing the communication layer between said mobile equipment and said intermediate equipment,
(4) repeating steps (1) to (3) with a plurality of successive intermediate equipment and over a plurality of successive communication layers, until a communication has been completed at the last requested communication layer between said mobile equipment and said remote server,
wherein at least a plurality of said authenticators are furnished by a smart-card in said mobile equipment.
38 Claims
1. Single sign-on process allowing a mobile user with a mobile equipment to remote-access a remote location, comprising the steps of:
(1) sending a first authenticator over a first communication layer to a first intermediate equipment between said mobile equipment and said remote location,
(2) verifying in said first intermediate equipment said first authenticator sent by said mobile equipment,
(3) if said first authenticator is accepted by said first intermediate equipment, completing the communication layer between said mobile equipment and said intermediate equipment,
(4) repeating steps (1) to (3) with a plurality of successive intermediate equipment and over a plurality of successive communication layers, until a communication has been completed at the last requested communication layer between said mobile equipment and said remote location,
characterised in that at least a plurality of said authenticators are furnished by a smart-card in said mobile equipment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
21. Smart-card that can be used in a mobile equipment for authenticating the user of said mobile equipment in order to remote-access a remote location, characterised by processing means for delivering a plurality of authenticators for authenticating said user in a plurality of intermediate equipment in order to establish a plurality of successive communication layers between said mobile equipment and said remote location.
32. Smart-card comprising:
- a synchronization private key for decrypting an old and a new secret encrypted with a corresponding synchronization public key,
- comparison means for comparing said old decrypted secret with the secret stored in said mobile equipment, and comparing said decrypted new secret with a new secret entered in said mobile equipment,
- means for replacing said secret stored in said mobile equipment with said decrypted new secret when both comparisons are positive.
Dependent claims: 33
34. Process for replacing a secret in a plurality of equipment in a network, comprising the steps of:
- replacing an old secret by a new secret in a first equipment,
- encrypting the old and the new secret with a synchronization public key of a second equipment in said first equipment,
- entering the new secret in said second equipment,
- transmitting the encrypted old and new secrets to said second equipment,
- decrypting said old and new secret with a synchronization private key of said second equipment and corresponding to said synchronization public key,
- comparing said old decrypted secret with the secret stored in said second equipment, and comparing said decrypted new secret with said secret entered in said second equipment,
- if both comparisons are positive, replacing said secret stored in said second equipment with said decrypted new secret, otherwise denying replacement of secret.
Dependent claims: 35, 36, 37, 38
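The replacement process of claim 34, with the card-side comparison logic of claim 32, as an added example that is not part of the patent text. RSA-OAEP, the type and function names and the sample secrets are assumptions, since the claims name no algorithm or data structure.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// ErrDenied is returned when decryption or either comparison fails.
var ErrDenied = errors.New("replacement of secret denied")

// SecondEquipment is a hypothetical model of the receiving equipment (e.g. the smart-card).
type SecondEquipment struct {
	syncKey *rsa.PrivateKey // synchronization private key
	stored  []byte          // secret currently stored
}

func NewSecondEquipment(stored string) (*SecondEquipment, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	return &SecondEquipment{syncKey: key, stored: []byte(stored)}, err
}

// Seal is the first equipment's step: encrypt one secret with the synchronization public key.
func Seal(pub *rsa.PublicKey, secret string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(secret), nil)
}

// Replace decrypts both secrets and swaps the stored one only if both comparisons pass.
func (e *SecondEquipment) Replace(encOld, encNew []byte, entered string) error {
	oldS, errOld := rsa.DecryptOAEP(sha256.New(), rand.Reader, e.syncKey, encOld, nil)
	newS, errNew := rsa.DecryptOAEP(sha256.New(), rand.Reader, e.syncKey, encNew, nil)
	match := subtle.ConstantTimeCompare(oldS, e.stored) & subtle.ConstantTimeCompare(newS, []byte(entered))
	if errOld != nil || errNew != nil || match != 1 {
		return ErrDenied
	}
	e.stored = newS
	return nil
}

func main() {
	card, _ := NewSecondEquipment("old-secret") // constructed sample secrets
	encOld, _ := Seal(&card.syncKey.PublicKey, "old-secret")
	encNew, _ := Seal(&card.syncKey.PublicKey, "new-secret")
	fmt.Println(card.Replace(encOld, encNew, "new-secrte"), string(card.stored)) // mistyped entry
	fmt.Println(card.Replace(encOld, encNew, "new-secret"), string(card.stored))
}
```

Replaying the same ciphertext pair after a successful replacement is denied, because the decrypted old secret no longer matches the stored one.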
Specification