Log-on service providing credential level change without loss of session continuity
Abstract
A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.
21 Claims
1. (canceled)
2. A method for providing access to a plurality of secured information resources in a networked information environment, the method comprising:
allocating a new session and an associated default credential if an access request either does not indicate a session token or indicates an invalid session token;
authorizing the access request based, at least in part, on the allocated default credential, wherein the access request targets at least one of the secured information resources.
Dependent claims: 3, 4, 5, 6, 7, 8
9. A security framework for a set of one or more information resources, the security framework comprising:
a gatekeeper operable to determine if an access request indicates an invalid session token or does not indicate a session token; and
a session management component operable to allocate a session and a default credential for an access request that the gatekeeper determines as indicating an invalid session token or no session token.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. An apparatus comprising:
a network interface operable to receive access requests; and
means for allocating a session and a default credential for an access request that either indicates an invalid session token or does not indicate a session token, wherein the access requests target one or more information resources secured by the apparatus.
Dependent claims: 18, 19, 20, 21
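The flow described in the abstract and in claims 2, 9 and 17, as an added Python sketch that is not taken from the patent or from any product: a gatekeeper allocates a session with a default credential when the token is missing or invalid, authorizes against per-resource trust-level requirements, and a later credential upgrade keeps the same session. The trust-level names, resource paths, decision strings and the `upgrade` method are assumptions of this example.

```python
import secrets
from dataclasses import dataclass

# Constructed for illustration: trust levels per scheme, and per-resource requirements.
TRUST = {"default": 0, "password": 1, "certificate": 2}
REQUIRED = {"/public/news": 0, "/hr/payslip": 1, "/finance/ledger": 2}

@dataclass
class Session:
    token: str
    trust: int = TRUST["default"]  # default credential carries the lowest trust level

class SessionManager:
    def __init__(self):
        self._sessions = {}

    def lookup(self, token):
        return self._sessions.get(token) if token else None

    def allocate(self):
        s = Session(token=secrets.token_urlsafe(32))
        self._sessions[s.token] = s
        return s

    def upgrade(self, token, scheme):
        # Assumes the named scheme has already verified the entity (not shown here).
        s = self._sessions[token]
        s.trust = max(s.trust, TRUST[scheme])  # same session, higher credential level
        return s

class Gatekeeper:
    def __init__(self, sessions):
        self.sessions = sessions

    def handle(self, resource, token=None):
        """Return (decision, session_token) for one access request."""
        session = self.sessions.lookup(token)
        if session is None:  # no token, or a token the session manager never issued
            session = self.sessions.allocate()
        if resource not in REQUIRED:  # this example's choice: fail closed
            return "deny", session.token
        if session.trust >= REQUIRED[resource]:
            return "allow", session.token
        return "step-up", session.token  # ask for a stronger authentication scheme
```

This sketch keeps the token unchanged across `upgrade` to make the continuity visible; a deployment would normally reissue the token on a trust-level increase while keeping the server-side session record.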
Specification