SECURITY TOKEN DESTINED FOR MULTIPLE OR GROUP OF SERVICE PROVIDERS

US 20110239283A1
Filed: 03/26/2010
Published: 09/29/2011
Est. Priority Date: 03/26/2010
Status: Active Grant

First Claim

Patent Images

1. A method of using a security token generated by an authentication server to access a plurality of service providers in a system that includes the authentication server, the plurality of service providers, and at least one client workstation, the method comprising:

in a client workstation, specifying a plurality of service providers to be accessed by the client, and submitting a request to an authentication server for a security token to access each of the specified service providers;

in the authentication server, generating the requested security token by performing the steps of;

(a) obtaining a secret key for each of the specified service providers;

(b) generating a saltbase;

(c) generating a salt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective salt using the saltbase, the secret key of the respective service provider, and a hashing algorithm;

(d) generating a session key that includes the salt for each service provider;

(e) assigning an order to each of the generated salts, and arranging the salts in accordance with their respective orders;

(f) generating a presalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective presalt using the salt for each service provider previous to the instant service provider, as determined by the respective orders of the salts;

(g) generating a postsalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective postsalt using the salt for each service provider following the instant service provider, as determined by the respective orders of the salts;

(h) generating a blob for each of the specified service providers, wherein for each service provider, the authentication server generates the respective blob using the saltbase, the respective presalt, and the respective postsalt;

(i) inserting the generated blobs for the specified service providers in the security token; and

(j) providing the generated security token to the client; and

in the client workstation, accessing each of the specified service providers by providing the received security token to each of the specified service providers,wherein each specified service provider validates the received security token, and in response to a determination that the security token is valid, the service provider provides a service to the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication server generates a security token to be used by a client for accessing multiple service providers by obtaining a secret key for each specified service provider, generating a saltbase, generating a salt for each service providers using the saltbase, the secret key, and a hashing algorithm, generating a session key that includes the salt, assigning an order to each of the generated salts, and arranging the salts based on the orders, generating a presalt for each provider using the salt for each previous provider, generating a postsalt for each of the specified service providers using the salt for each following provider, generating a blob for each of the specified service providers using the saltbase, the respective presalt, and the respective postsalt, inserting the generated blobs for the specified service providers in the security token, and providing the generated security token to the client workstation.

163 Citations

11 Claims

1. A method of using a security token generated by an authentication server to access a plurality of service providers in a system that includes the authentication server, the plurality of service providers, and at least one client workstation, the method comprising:
- in a client workstation, specifying a plurality of service providers to be accessed by the client, and submitting a request to an authentication server for a security token to access each of the specified service providers;
  
  in the authentication server, generating the requested security token by performing the steps of;
  
  (a) obtaining a secret key for each of the specified service providers;
  
  (b) generating a saltbase;
  
  (c) generating a salt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective salt using the saltbase, the secret key of the respective service provider, and a hashing algorithm;
  
  (d) generating a session key that includes the salt for each service provider;
  
  (e) assigning an order to each of the generated salts, and arranging the salts in accordance with their respective orders;
  
  (f) generating a presalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective presalt using the salt for each service provider previous to the instant service provider, as determined by the respective orders of the salts;
  
  (g) generating a postsalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective postsalt using the salt for each service provider following the instant service provider, as determined by the respective orders of the salts;
  
  (h) generating a blob for each of the specified service providers, wherein for each service provider, the authentication server generates the respective blob using the saltbase, the respective presalt, and the respective postsalt;
  
  (i) inserting the generated blobs for the specified service providers in the security token; and
  
  (j) providing the generated security token to the client; and
  
  in the client workstation, accessing each of the specified service providers by providing the received security token to each of the specified service providers,wherein each specified service provider validates the received security token, and in response to a determination that the security token is valid, the service provider provides a service to the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein each specified service provider validates the received security token by obtaining its respective blob from the security token, restoring its session key using the obtained blob, and validating the security token using its restored session key.
  - 3. The method of claim 2, wherein the service provider restores its session key by obtaining the saltbase, the respective presalt, and the respective postsalt from the obtained blob, calculating the respective salt using the respective secret key and the saltbase, and applying the hashing algorithm to the respective salt, presalt, and postsalt.
  - 4. The method of claim 1, wherein for each service provider, the authentication server generates the respective salt by applying the hashing algorithm to the secret key to generate a hashed secret key, and applying the hashing algorithm to the saltbase and the hashed secret key to generate the respective salt.
  - 5. The method of claim 1, wherein the authentication server generates the session key by applying the hashing algorithm to the salts for each of the specified service providers.
  - 6. The method of claim 1, wherein for each service provider, the respective presalt includes the salts for each service provider previous to the instant service provider, as determined by the respective orders of the salts, and wherein for each service provider, the respective postsalt includes the salts for each service provider following the instant service provider, as determined by the respective orders of the salts.
  - 7. The method of claim 1, wherein the blob for a respective service provider is encrypted using the respective secret key.
  - 8. The method of claim 1, wherein blobs for the specified service providers are included in the generated security token such that they are arranged in accordance with their respective orders.

9. A method for generating a security token that can be used by a plurality of service providers, the method comprising:
- in a client workstation, specifying a plurality of service providers to be accessed by the client, and submitting a request to an authentication server for a security token to access each of the specified service providers;
  
  in the authentication server, generating the requested security token by performing the steps of;
  
  obtaining a secret key for each of the specified service providers;
  
  generating a saltbase;
  
  generating a salt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective salt using the saltbase, the secret key of the respective service provider, and a hashing algorithm;
  
  generating a session key that includes the salt for each service provider;
  
  assigning an order to each of the generated salts, and arranging the salts in accordance with their respective orders;
  
  generating a presalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective presalt using the salt for each service provider previous to the instant service provider, as determined by the respective orders of the salts;
  
  generating a postsalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective postsalt using the salt for each service provider following the instant service provider, as determined by the respective orders of the salts;
  
  generating a blob for each of the specified service providers, wherein for each service provider, the authentication server generates the respective blob using the saltbase, the respective presalt, and the respective postsalt;
  
  inserting the generated blobs for the specified service providers in the security token; and
  
  providing the generated security token to the client workstation.

10. A system for using a security token to access a plurality of services provided by a plurality of service providers, the system comprising an authentication server, the plurality of service providers, and at least one client workstation, wherein,the client workstation comprises:
- a memory storing computer executable process steps and a processor that executes the process steps, the process steps, when executed performing;
  
  specifying a plurality of service providers to be accessed by the client, andsubmitting a request to the authentication server for a security token to access each of the specified service providers;
  
  the authentication server comprises;
  
  a memory storing computer executable process steps and a processor that executes the process steps, the process steps, when executed performing;
  
  generating the requested security token by performing the steps of;
  
  (a) obtaining a secret key for each of the specified service providers;
  
  (b) generating a saltbase;
  
  (c) generating a salt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective salt using the saltbase, the secret key of the respective service provider, and a hashing algorithm;
  
  (d) generating a session key that includes the salt for each service provider;
  
  (e) assigning an order to each of the generated salts, and arranging the salts in accordance with their respective orders;
  
  (f) generating a presalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective presalt using the salt for each service provider previous to the instant service provider, as determined by the respective orders of the salts;
  
  (g) generating a postsalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective postsalt using the salt for each service provider following the instant service provider, as determined by the respective orders of the salts;
  
  (h) generating a blob for each of the specified service providers, wherein for each service provider, the authentication server generates the respective blob using the saltbase, the respective presalt, and the respective postsalt;
  
  (i) inserting the generated blobs for the specified service providers in the security token; and
  
  (j) providing the generated security token to the client; and
  
  In the client workstation, further performing;
  
  accessing each of the specified service providers by providing the received security token to each of the specified service providers,wherein each specified service provider validates the received security token, and in response to a determination that the security token is valid, the service provider provides a service to the client.

11. An authentication server in a system that includes the authentication server, a plurality of service providers, and at least one client workstation, comprising:
- a memory storing computer executable process steps and a processor that executes the process steps, the process steps, when executed performing a process to generate a security token by;
  
  receiving, from a client workstation, a request for the security token, the request including identification information of a plurality of service providers specified by the client;
  
  obtaining a secret key for each of the specified service providers;
  
  generating a saltbase;
  
  generating a salt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective salt using the saltbase, the secret key of the respective service provider, and a hashing algorithm;
  
  generating a session key that includes the salt for each service provider;
  
  assigning an order to each of the generated salts, and arranging the salts in accordance with their respective orders;
  
  generating a presalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective presalt using the salt for each service provider previous to the instant service provider, as determined by the respective orders of the salts;
  
  generating a postsalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective postsalt using the salt for each service provider following the instant service provider, as determined by the respective orders of the salts;
  
  generating a blob for each of the specified service providers, wherein for each service provider, the authentication server generates the respective blob using the saltbase, the respective presalt, and the respective postsalt;
  
  inserting the generated blobs for the specified service providers in the security token; and
  
  providing the generated security token to the client workstation,wherein, the client workstation accesses each of the specified service providers by providing the received security token to each of the specified service providers, andwherein each specified service provider restores the session key using its respective blob included in the security token and validates the received security token, and in response to a determination that the security token is valid, the service provider provides a service to the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Chern, Wei-Jhy

Granted Patent

US 8,353,019 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/33   using certificates

H04L 63/0815   providing single-sign-on or...

H04L 9/0869   involving random numbers or...

H04L 9/3213   using tickets or tokens, e....

SECURITY TOKEN DESTINED FOR MULTIPLE OR GROUP OF SERVICE PROVIDERS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

163 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY TOKEN DESTINED FOR MULTIPLE OR GROUP OF SERVICE PROVIDERS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

163 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links