Service provider anonymization in a single sign-on system
Abstract
A method for sign-on in a network based communications environment is described. Authentication of a first entity is requested by a second entity for accessing a service to be provided by the second entity to the first entity. The authentication is provided by a third entity. Data that identify the second entity are blinded towards the third entity. Blinding means that the data identifying the second entity are modified such that the blinded data provide no information on the basis of which the second entity can be identified, preferably except by the entity which at least initiated the blinding, here the first entity. Examples of blinding include the use of a pseudonym or alias for the data identifying the second entity. According to a preferred embodiment, the method according to the present invention is used for a single sign-on. Referring to the above description of single sign-on, e.g. in line with the LAP specifications, the present invention provides a method for blinding the identity of the service provider SP towards the identity provider IdP.
44 Claims
1-26. (canceled)
27. A method for sign-on in a network based communications environment, comprising the steps of:
authentication of a first entity is requested by a second entity for accessing a service to be provided by the second entity (SP) to the first entity, the authentication being provided by a third entity (IdP);
blinding towards the third entity (IdP) data identifying the second entity (SP) by modifying the data identifying the second entity (SP) such that no information on the basis of which the second entity (SP) is identifiable by the third entity (IdP) is provided; and
providing the modified data to the third entity (IdP).
44. A sign-on entity for use in a network based communications environment, said sign-on entity adapted to:
receive an authentication request from a second entity (SP) for accessing a service to be provided by the second entity (SP) to the entity for authentication of the entity by a third entity (IdP), the authentication request comprising data identifying the second entity (SP); and
blind towards the third entity (IdP) data identifying the second entity (SP) by modifying the data identifying the second entity (SP) such that no information on the basis of which the second entity (SP) is identifiable by the third entity (IdP) is provided, and by sending the modified data to the third entity (IdP).
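The blinding procedure that the abstract and claims 27 and 44 describe, as an added example that is not the patent's own implementation: the user agent (first entity) replaces the SP identifier with a keyed, per-request alias before relaying the authentication request to the IdP (third entity), and restores the real identifier when the assertion comes back. The class and function names, the HMAC-derived alias and the sample SP and user data are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one relying service provider and one user record.
SP_ID = "https://shop.example/saml"
USERS = {"alice": "correct horse battery staple"}


class UserAgent:
    """First entity: blinds the SP identifier before contacting the IdP."""

    def __init__(self):
        self._blinding_key = secrets.token_bytes(32)  # never leaves the agent
        self._aliases = {}  # alias -> real SP identifier, kept locally only

    def blind_sp_id(self, sp_id, nonce):
        # Keyed HMAC over a per-request nonce and the SP identifier: the alias
        # reveals nothing about sp_id and differs on every request, so the IdP
        # cannot identify the SP or link two sign-ons to the same SP.
        mac = hmac.new(self._blinding_key, nonce + sp_id.encode(), hashlib.sha256)
        alias = mac.hexdigest()[:32]
        self._aliases[alias] = sp_id
        return alias

    def unblind(self, alias):
        # Only the agent that created the alias can map it back.
        return self._aliases.pop(alias)


class IdentityProvider:
    """Third entity: authenticates the user for whatever audience it is given."""

    def __init__(self, users):
        self._users = users
        self.audiences_seen = []  # everything the IdP learns about relying parties

    def authenticate(self, user, credential, audience):
        self.audiences_seen.append(audience)
        if self._users.get(user) != credential:
            return None
        return {"subject": user, "audience": audience}


def run_sso(agent, idp, sp_id, user, credential):
    """One blinded sign-on: SP id -> alias -> IdP -> assertion -> real SP id."""
    alias = agent.blind_sp_id(sp_id, secrets.token_bytes(16))
    assertion = idp.authenticate(user, credential, alias)
    if assertion is None:
        return None
    # Restore the real audience before relaying the assertion to the SP.
    assertion["audience"] = agent.unblind(assertion["audience"])
    return assertion
```

Because the IdP sees only the alias, it cannot apply SP-specific policy or check the audience itself; the agent holding the alias map becomes the trust anchor for that mapping.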
Specification