SECURITY TOKEN DESTINED FOR MULTIPLE OR GROUP OF SERVICE PROVIDERS
First Claim
1. A method of using a security token generated by an authentication server to access a plurality of service providers in a system that includes the authentication server, the plurality of service providers, and at least one client workstation, the method comprising:
in a client workstation, specifying a plurality of service providers to be accessed by the client, and submitting a request to an authentication server for a security token to access each of the specified service providers;
in the authentication server, generating the requested security token by performing the steps of;
(a) obtaining a secret key for each of the specified service providers;
(b) generating a saltbase;
(c) generating a salt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective salt using the saltbase, the secret key of the respective service provider, and a hashing algorithm;
(d) generating a session key that includes the salt for each service provider;
(e) assigning an order to each of the generated salts, and arranging the salts in accordance with their respective orders;
(f) generating a presalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective presalt using the salt for each service provider previous to the instant service provider, as determined by the respective orders of the salts;
(g) generating a postsalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective postsalt using the salt for each service provider following the instant service provider, as determined by the respective orders of the salts;
(h) generating a blob for each of the specified service providers, wherein for each service provider, the authentication server generates the respective blob using the saltbase, the respective presalt, and the respective postsalt;
(i) inserting the generated blobs for the specified service providers in the security token; and
(j) providing the generated security token to the client; and
in the client workstation, accessing each of the specified service providers by providing the received security token to each of the specified service providers, wherein each specified service provider validates the received security token, and in response to a determination that the security token is valid, the service provider provides a service to the client.
Abstract
An authentication server generates a security token to be used by a client for accessing multiple service providers by obtaining a secret key for each specified service provider, generating a saltbase, generating a salt for each service provider using the saltbase, the secret key, and a hashing algorithm, generating a session key that includes the salt, assigning an order to each of the generated salts, and arranging the salts based on the orders, generating a presalt for each provider using the salt for each previous provider, generating a postsalt for each of the specified service providers using the salt for each following provider, generating a blob for each of the specified service providers using the saltbase, the respective presalt, and the respective postsalt, inserting the generated blobs for the specified service providers in the security token, and providing the generated security token to the client workstation.
11 Claims
9. A method for generating a security token that can be used by a plurality of service providers, the method comprising:
in a client workstation, specifying a plurality of service providers to be accessed by the client, and submitting a request to an authentication server for a security token to access each of the specified service providers;
in the authentication server, generating the requested security token by performing the steps of;
obtaining a secret key for each of the specified service providers;
generating a saltbase;
generating a salt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective salt using the saltbase, the secret key of the respective service provider, and a hashing algorithm;
generating a session key that includes the salt for each service provider;
assigning an order to each of the generated salts, and arranging the salts in accordance with their respective orders;
generating a presalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective presalt using the salt for each service provider previous to the instant service provider, as determined by the respective orders of the salts;
generating a postsalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective postsalt using the salt for each service provider following the instant service provider, as determined by the respective orders of the salts;
generating a blob for each of the specified service providers, wherein for each service provider, the authentication server generates the respective blob using the saltbase, the respective presalt, and the respective postsalt;
inserting the generated blobs for the specified service providers in the security token; and
providing the generated security token to the client workstation.
10. A system for using a security token to access a plurality of services provided by a plurality of service providers, the system comprising an authentication server, the plurality of service providers, and at least one client workstation, wherein,
the client workstation comprises:
a memory storing computer executable process steps and a processor that executes the process steps, the process steps, when executed performing;
specifying a plurality of service providers to be accessed by the client, and submitting a request to the authentication server for a security token to access each of the specified service providers;
the authentication server comprises;
a memory storing computer executable process steps and a processor that executes the process steps, the process steps, when executed performing;
generating the requested security token by performing the steps of;
(a) obtaining a secret key for each of the specified service providers;
(b) generating a saltbase;
(c) generating a salt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective salt using the saltbase, the secret key of the respective service provider, and a hashing algorithm;
(d) generating a session key that includes the salt for each service provider;
(e) assigning an order to each of the generated salts, and arranging the salts in accordance with their respective orders;
(f) generating a presalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective presalt using the salt for each service provider previous to the instant service provider, as determined by the respective orders of the salts;
(g) generating a postsalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective postsalt using the salt for each service provider following the instant service provider, as determined by the respective orders of the salts;
(h) generating a blob for each of the specified service providers, wherein for each service provider, the authentication server generates the respective blob using the saltbase, the respective presalt, and the respective postsalt;
(i) inserting the generated blobs for the specified service providers in the security token; and
(j) providing the generated security token to the client; and
In the client workstation, further performing;
accessing each of the specified service providers by providing the received security token to each of the specified service providers, wherein each specified service provider validates the received security token, and in response to a determination that the security token is valid, the service provider provides a service to the client.
11. An authentication server in a system that includes the authentication server, a plurality of service providers, and at least one client workstation, comprising:
a memory storing computer executable process steps and a processor that executes the process steps, the process steps, when executed performing a process to generate a security token by;
receiving, from a client workstation, a request for the security token, the request including identification information of a plurality of service providers specified by the client;
obtaining a secret key for each of the specified service providers;
generating a saltbase;
generating a salt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective salt using the saltbase, the secret key of the respective service provider, and a hashing algorithm;
generating a session key that includes the salt for each service provider;
assigning an order to each of the generated salts, and arranging the salts in accordance with their respective orders;
generating a presalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective presalt using the salt for each service provider previous to the instant service provider, as determined by the respective orders of the salts;
generating a postsalt for each of the specified service providers, wherein for each service provider, the authentication server generates the respective postsalt using the salt for each service provider following the instant service provider, as determined by the respective orders of the salts;
generating a blob for each of the specified service providers, wherein for each service provider, the authentication server generates the respective blob using the saltbase, the respective presalt, and the respective postsalt;
inserting the generated blobs for the specified service providers in the security token; and
providing the generated security token to the client workstation,
wherein, the client workstation accesses each of the specified service providers by providing the received security token to each of the specified service providers, and wherein each specified service provider restores the session key using its respective blob included in the security token and validates the received security token, and in response to a determination that the security token is valid, the service provider provides a service to the client.
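
A sketch of steps (a) to (j) of claim 1 and the restore step of claim 11, added here as an illustration and not taken from the patent. Assumptions: HMAC-SHA256 as the hashing algorithm, concatenation as the way the session key "includes" the salts, a per-provider keystream that masks each blob, and an HMAC tag as the validity check; all function and field names are hypothetical.

```python
import hashlib
import hmac
import secrets

H = hashlib.sha256
N = H().digest_size  # every salt is one 32-byte digest

def salt_for(key, saltbase):
    # Step (c); HMAC-SHA256 is an assumed choice of "hashing algorithm".
    return hmac.new(key, saltbase, H).digest()

def _mask(key, saltbase, data):
    # Assumption, not in the claims: XOR presalt/postsalt with a keystream
    # derived from the provider's key, so that blobs addressed to different
    # providers cannot be combined by a token holder to recover every salt.
    stream = b"".join(
        hmac.new(key, saltbase + b"blob" + i.to_bytes(4, "big"), H).digest()
        for i in range(len(data) // N + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def issue_token(keys, order):
    """keys: {provider_id: secret_key}; order: provider ids in salt order."""
    saltbase = secrets.token_bytes(16)                      # (b)
    salts = [salt_for(keys[p], saltbase) for p in order]    # (c), (e)
    session_key = b"".join(salts)                           # (d)
    blobs = {}
    for i, p in enumerate(order):
        presalt = b"".join(salts[:i])                       # (f)
        postsalt = b"".join(salts[i + 1:])                  # (g)
        masked = _mask(keys[p], saltbase, presalt + postsalt)
        blobs[p] = (saltbase, i, masked)                    # (h)
    # Assumed validity check: MAC over the saltbase under the session key.
    tag = hmac.new(session_key, saltbase, H).digest()
    return {"blobs": blobs, "tag": tag}, session_key        # (i)

def restore_and_validate(token, provider_id, key):
    """Provider side: rebuild the session key from its own blob, check the tag."""
    if provider_id not in token["blobs"]:
        return None
    saltbase, i, masked = token["blobs"][provider_id]
    others = _mask(key, saltbase, masked)       # presalt followed by postsalt
    own = salt_for(key, saltbase)               # recomputed, never transmitted
    session_key = others[:i * N] + own + others[i * N:]
    expected = hmac.new(session_key, saltbase, H).digest()
    return session_key if hmac.compare_digest(expected, token["tag"]) else None
```

Each provider recomputes only its own salt; the remaining salts arrive in its blob, so every provider named in the token ends up with the same session key while a party holding none of the secret keys cannot unmask any blob.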
Specification