Using one-time passwords with single sign-on authentication
Abstract
A method, computer program product, authentication proxy server, and system for enabling a user to use a one-time password in conjunction with single sign-on authentication and external authentication, such as provided by the Kerberos protocol, are provided.
28 Claims
1. A method of enabling a user to use a one-time password (OTP) in conjunction with single sign-on (SSO) authentication, said method comprising:
receiving an authentication request, said authentication request including a username and an OTP associated with the user;
authenticating the OTP;
updating a database with the authenticated OTP, said database including a mapping of a plurality of usernames associated with a plurality of users to a respective password, such that the password mapped to the username associated with the user is the authenticated OTP; and
permitting the database to be accessible by an authentication server configured to use the password mapped to the username associated with the user in the database to provide SSO authentication to the user.
Dependent claims: 2, 3, 4, 5, 6
7. A computer program product for enabling a user to use a one-time password (OTP) in conjunction with single sign-on (SSO) authentication, wherein the computer program product comprises at least one computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
a first executable portion for receiving an authentication request, said request including a username and an OTP associated with the user;
a second executable portion for authenticating the OTP;
a third executable portion for updating a database with the authenticated OTP, said database including a mapping of a plurality of usernames associated with a plurality of users to a respective password, such that the password mapped to the username associated with the user is the authenticated OTP; and
a fourth executable portion for permitting the database to be accessible by an authentication server configured to use the password mapped to the username associated with the user in the database to provide SSO authentication to the user.
Dependent claims: 8, 9, 10, 11, 12
13. A system for enabling a user to use a one-time password (OTP) in conjunction with single sign-on (SSO) authentication, said system comprising:
a client application associated with the user;
an authentication proxy server in communication with the client application, said authentication proxy server configured to receive an authentication request from the client application, said authentication request including a username and an OTP associated with the user;
a password authentication server (PAS) in communication with the authentication proxy server, wherein the authentication proxy server authenticates the OTP using the PAS;
a database accessible by the authentication proxy server, said database including a mapping of a plurality of usernames associated with a plurality of users to a respective password, wherein said authentication proxy server is configured to update said database with said authenticated OTP, such that the password mapped to the username associated with the user is the authenticated OTP; and
an authentication server in communication with the authentication proxy server, said authentication server configured to receive the authentication request from the authentication proxy server, and, in response, to access the database to retrieve the authenticated OTP mapped to the username associated with the user, and use said authenticated OTP to provide SSO authentication.
14. The system of claim 13, wherein the authentication server provides SSO authentication by using the OTP retrieved from the database to encrypt a session key and to generate a master ticket, said master ticket capable of being used by the client application to request one or more service tickets, said service tickets capable of being used to access a respective application server.
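The flow recited in claims 13 and 14, as an added Python sketch that is not taken from the patent: the proxy checks the OTP with the PAS, writes the accepted OTP into the username-to-password database, and the authentication server wraps a session key under a key derived from that entry. Assumptions: HOTP (RFC 4226) as the OTP scheme, PBKDF2 in place of Kerberos string-to-key, a toy HMAC-based wrap in place of a Kerberos encryption type, all class and function names, and the constructed user `alice` with the RFC 4226 test secret as token seed; the master ticket itself is not modelled.

```python
import hashlib, hmac, os, struct

def hotp(secret, counter, digits=6):
    # RFC 4226 HOTP; assumed stand-in for the OTP scheme the PAS checks.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def derive_key(user, password):
    # Assumed stand-in for Kerberos string-to-key (salt = username).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def seal(key, data):
    # Toy wrap for <= 32 bytes (HMAC keystream + tag), not a Kerberos enctype.
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, _prf(key, b"enc", nonce)))
    return nonce + body + _prf(key, b"mac", nonce + body)

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + body)):
        raise ValueError("wrong key or tampered reply")
    return bytes(a ^ b for a, b in zip(body, _prf(key, b"enc", nonce)))

class Deployment:
    def __init__(self):
        self.pas = {"alice": [b"12345678901234567890", 0]}  # seed, next counter
        self.db, self.issued = {}, {}  # username -> password; issued session keys

    def pas_authenticate(self, user, otp):
        entry = self.pas.get(user)
        ok = bool(entry) and hmac.compare_digest(otp, hotp(*entry))
        if ok:
            entry[1] += 1          # an accepted OTP is never accepted twice
        return ok

    def auth_server_reply(self, user):
        self.issued[user] = os.urandom(32)
        return seal(derive_key(user, self.db[user]), self.issued[user])

    def proxy_login(self, user, otp):
        if not self.pas_authenticate(user, otp):
            return None            # failed OTP leaves the database untouched
        self.db[user] = otp        # the authenticated OTP becomes the password
        return self.auth_server_reply(user)
```

A client holding the same OTP recovers the session key with `unseal(derive_key(user, otp), reply)`; a replayed or wrong OTP never reaches the database or the authentication server.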
19. An authentication proxy server capable of enabling a user to use a one-time password (OTP) in conjunction with single sign-on (SSO) authentication, said authentication proxy server comprising:
means for receiving an authentication request, said authentication request including a username and an OTP associated with the user;
means for authenticating the OTP; and
means for updating a database with the authenticated OTP, said database including a mapping of a plurality of usernames associated with a plurality of users to a respective password, such that the password mapped to the username associated with the user is the authenticated OTP, wherein the database is accessible by an authentication server configured to use the password mapped to the username associated with the user in the database to provide SSO authentication to the user.
Dependent claims: 20, 21, 22, 23
24. An authentication proxy server capable of enabling a user to use a one-time password (OTP) in conjunction with single sign-on (SSO) authentication, said authentication proxy server comprising:
a processing device capable of receiving an authentication request including a username and an OTP associated with the user, said processing device also capable of authenticating the OTP and updating a database with the authenticated OTP, wherein the database includes a mapping of a plurality of usernames associated with a plurality of users to a respective password, such that the password mapped to the username associated with the user is the authenticated OTP, and wherein the database is also accessible by an authentication server configured to use the password mapped to the username associated with the user in the database to provide SSO authentication to the user.
Dependent claims: 25, 26, 27, 28
Specification