METHOD AND SYSTEM FOR SECURELY ACCESSING DIFFERENT SERVICES BASED ON SINGLE SIGN ON
First Claim
1. A computer implemented method executed by one or more computing devices for securely accessing one or more services based on a single sign on, the method comprising:
- receiving, from a user device, a service request for a service among the one or more services provided by a service provider, a user id and a hash of a first random number r;
- computing the hash of the first random number r stored in a database;
- authenticating the user device, provided the computed hash of the first random number r is equal to the received hash of the first random number r;
- encrypting a second random number y with the first random number r;
- sending the second random number y encrypted with the first random number r to the user device;
- encrypting the second random number y, the user id and an element Q using a service provider password;
- sending the second random number y, the user id and the element Q encrypted with the service provider password to the service provider;
- computing, by the user device, a first discrete exponential function Z using the element Q and the second random number y;
- sending, by the user device, the user id and the computed first discrete exponential function Z to the service provider;
- computing, by the service provider, a second discrete exponential function Z′, using the element Q and the second random number y; and
- providing the user device access to the one or more services provided by the service provider, provided Z is equal to Z′.
Abstract
An embodiment for securely accessing services of a service provider based on single sign on. The user device is authenticated by an authentication server if the computed hash of the first random number r is the same as the received hash of the first random number r sent by the user device. Thereafter, the second random number y, the user id and an element Q are encrypted using a service provider password and sent to the service provider. The user device computes a first discrete exponential function Z using the element Q and the second random number y and sends it, along with the user id, to the service provider. The service provider computes a second discrete exponential function Z′ using the element Q and the second random number y received from the authentication server and provides the user device access to the services if Z is equal to Z′.
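As an added illustration (not code from the patent or its applicant), the following Python runs the exchange of claim 1 with all three parties in one process. It assumes SHA-256 for the hash, modular exponentiation Q^y mod p in a small constructed group for the "discrete exponential function", a SHA-256-keystream XOR as a stand-in for the unspecified symmetric encryption, and that the element Q reaches the user device in the clear alongside the encrypted y, since the claim does not say how the user device obtains Q.

```python
import hashlib, json, secrets
P = 2**61 - 1  # constructed toy prime modulus (assumption; a real deployment uses a standard group)
G = 2          # base from which the authentication server derives the element Q (assumption)

def H(data: bytes) -> bytes:                  # the claims' hash, assumed to be SHA-256
    return hashlib.sha256(data).digest()

def xcrypt(key: bytes, data: bytes) -> bytes:  # stand-in cipher: XOR with SHA-256 keystream; self-inverse
    out = bytearray()
    for i in range(0, len(data), 32):
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], H(key + i.to_bytes(4, "big"))))
    return bytes(out)

def discrete_exp(q: int, y: int) -> int:       # the claims' "discrete exponential function", read as Q^y mod p
    return pow(q, y, P)

class AuthServer:
    def __init__(self, users: dict, sp_passwords: dict):
        self.users, self.sp_passwords = users, sp_passwords  # the claimed database: r per user, SP passwords

    def service_request(self, user_id: str, sp: str, hash_r: bytes):
        if H(self.users[user_id]) != hash_r:  # authenticate: hash of stored r must equal the received hash
            return None
        y = secrets.randbelow(P - 2) + 1                # second random number y
        q = pow(G, secrets.randbelow(P - 2) + 1, P)     # element Q
        enc_y = xcrypt(self.users[user_id], y.to_bytes(8, "big"))   # y encrypted with r, for the user device
        payload = json.dumps({"y": y, "uid": user_id, "Q": q}).encode()
        return (enc_y, q), xcrypt(self.sp_passwords[sp], payload)  # (y, uid, Q) under the SP password

class ServiceProvider:
    def __init__(self, password: bytes):
        self.password, self.pending = password, {}

    def receive_from_auth(self, blob: bytes) -> None:
        m = json.loads(xcrypt(self.password, blob))
        self.pending[m["uid"]] = discrete_exp(m["Q"], m["y"])  # Z' from the server-supplied Q and y

    def grant_access(self, user_id: str, z: int) -> bool:
        return self.pending.get(user_id) == z  # access only if Z == Z'

def run_sso(user_id: str, r: bytes, sp: str, auth: AuthServer, provider: ServiceProvider) -> bool:
    """User-device side: drives one exchange and returns whether access was granted."""
    reply = auth.service_request(user_id, sp, H(r))  # service request + user id + hash(r)
    if reply is None:
        return False
    (enc_y, q), to_sp = reply                         # Q delivered in clear here (assumption; claim is silent)
    provider.receive_from_auth(to_sp)                 # authentication server -> service provider
    y = int.from_bytes(xcrypt(r, enc_y), "big")       # user device decrypts y with r
    return provider.grant_access(user_id, discrete_exp(q, y))  # sends user id and Z
```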
29 Citations
20 Claims
1. (Claim 1 as set out under First Claim above.) Dependent claims: 2, 3, 4, 5.
6. (canceled)
7. (canceled)
8. (canceled)
9. A computer implemented method executed by one or more computing devices for securely giving access for one or more services to a user device, the method comprising:
- receiving, from an authentication server, an encrypted second random number y, a user id and an element Q;
- computing a second discrete exponential function Z′, using the element Q and the second random number y;
- receiving, from the user device, the user id and a first discrete exponential function Z; and
- providing the user device access to the one or more services, provided Z is equal to Z′.
Dependent claims: 10, 11, 12.
13. A system for securely accessing different services based on single sign on, the system comprising:
- a user device configured to: provide a service request for a service provided by a service provider which a user wants to access, a user id and a hash of a first random number r to an authentication server; compute a first discrete exponential function Z using an element Q and a second random number y; and send the user id and the computed first discrete exponential function Z to the service provider;
- the authentication server configured to: compute the hash of a first random number r stored in a database; receive the hash of the first random number r; authenticate the user device, provided the computed hash of the first random number r is the same as the received hash of the first random number r; encrypt a second random number y with the first random number r; send the second random number y encrypted with the first random number r to the user device; encrypt the second random number y, the user id and the element Q using a service provider password; and send the second random number y, the user id and the element Q encrypted with the service provider password to the service provider;
- the database configured to: store the first random number r, the second random number y and the service provider password; and
- a service provider configured to: compute a second discrete exponential function Z′ using the element Q and the second random number y; and provide the user device access to the service, provided Z is equal to Z′.
Dependent claims: 14, 15, 16.
17. An authentication server comprising:
- one or more processors operatively coupled to a memory, the processor configured to perform the steps of: computing a hash of a first random number r; receiving the hash of the first random number r; authenticating a user device, provided the computed hash of the first random number r is the same as the received hash of the first random number r; encrypting a second random number y with the first random number r; sending the second random number y encrypted with the first random number r to the user device; encrypting the second random number y, the user id and the element Q using a service provider password; and sending the second random number y, the user id and the element Q encrypted with the service provider password to the service provider; and
- the memory configured to: store the first random number r, the second random number y and the service provider password.
Dependent claims: 18, 19, 20.
Specification