TRUSTED LOCAL SINGLE SIGN-ON
First Claim
1. A computing method, comprising:
- running on a user computer a first operating environment for performing general-purpose operations and a second operating environment, which is configured exclusively for interacting with multiple servers in respective secure communication sessions and is isolated from the first operating environment;
storing in the second operating environment multiple server-specific credentials for authenticating a user of the user computer to the respective servers, and a single set of master credentials for authenticating the user to the second operating environment; and
establishing a secure communication session between the user computer and a given server under control of a program running in the second operating environment, by authenticating the user in the second operating environment using the master credentials and, responsively to successfully authenticating the user, automatically selecting one of the server-specific credentials in the second operating environment and authenticating the user to the given server using the selected server-specific credentials.
3 Assignments
0 Petitions
Accused Products
Abstract
A method includes running on a computer a first operating environment for performing general-purpose operations and a second operating environment, which is configured exclusively for interacting with multiple servers in respective secure communication sessions and is isolated from the first operating environment. Multiple server-specific credentials for authenticating a user of the computer to the respective servers, as well as a single set of master credentials for authenticating the user to the second operating environment, are stored in the second operating environment.
A secure communication session is established between the computer and a given server under control of a program running in the second operating environment, by authenticating the user using the master credentials and, responsively to authenticating the user, selecting one of the server-specific credentials and authenticating the user to the given server using the selected server-specific credentials.
116 Citations
27 Claims
-
1. A computing method, comprising:
-
running on a user computer a first operating environment for performing general-purpose operations and a second operating environment, which is configured exclusively for interacting with multiple servers in respective secure communication sessions and is isolated from the first operating environment; storing in the second operating environment multiple server-specific credentials for authenticating a user of the user computer to the respective servers, and a single set of master credentials for authenticating the user to the second operating environment; and establishing a secure communication session between the user computer and a given server under control of a program running in the second operating environment, by authenticating the user in the second operating environment using the master credentials and, responsively to successfully authenticating the user, automatically selecting one of the server-specific credentials in the second operating environment and authenticating the user to the given server using the selected server-specific credentials. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A user computer, comprising:
-
an interface, which is operative to communicate with multiple servers over a communication network; and a processor, which is coupled to run a first operating environment, which is configured to perform general-purpose operations, and a second operating environment, which is configured exclusively for interacting with the multiple servers in respective protected communication sessions and is isolated from the first operating environment, to store in the second operating environment multiple server-specific credentials for authenticating a user of the user computer to the respective servers and a single set of master credentials for authenticating the user to the second operating environment, and to establish a secure communication session between the user computer and a given server under control of a program running in the second operating environment, by authenticating the user in the second operating environment using the master credentials and, responsively to successfully authenticating the user, automatically selecting, one of the server-specific credentials in the second operating environment and authenticating the user to the given server using the selected server-specific credentials. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A computer software product for use in a user computer, the product comprising a computer-readable medium, in which instructions are stored, which instructions, when executed by the user computer, cause the user computer to communicate with multiple servers over a communication network, to run a first operating environment for performing general-purpose operations, to run a second operating environment, which is configured exclusively for interacting with the multiple servers in respective communication sessions and is isolated from the first operating environment, to store in the second operating environment multiple server-specific credentials for authenticating a user of the user computer to the respective servers and a single set of master credentials for authenticating the user to the second operating environment, and to establish a secure communication session between the user computer and a given server under control of a program running in the second operating environment, by authenticating the user in the second operating environment using the master credentials and, responsively to successfully authenticating the user, automatically selecting one of the server-specific credentials in the second operating environment and authenticating the user to the given server using the selected server-specific credentials.
Specification