METHOD AND SYSTEM FOR SECURELY ACCESSING DIFFERENT SERVICES BASED ON SINGLE SIGN ON

US 20140075202A1
Filed: 08/16/2013
Published: 03/13/2014
Est. Priority Date: 09/12/2012
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method executed by one or more computing devices for securely accessing one or more services based on a single sign on, the method comprising:

receiving, from a user device, a service request for a service among the one or more services provided by a service provider, a user id and a hash of a first random number r;

computing the hash of the first random number r stored in a database;

authenticating the user device, provided the computed hash of the first random number r is equal to the received hash of the first random number r;

encrypting a second random number y with the first random number r;

sending the second random number y encrypted with the first random number r to the user device;

encrypting the second random number y, the user id and an element Q using a service provider password;

sending the second random number y, the user id and the element Q encrypted with the service provider password to the service provider;

computing, by the user device, a first discrete exponential function Z using the element Q and the second random number y;

sending, by the user device, the user id and the computed first discrete exponential function Z to the service provider;

computing, by the service provider, a second discrete exponential function Z′

, using the element Q and the second random number y; and

providing the user device access to the one or more services provided by the service provider, provided Z is equal to Z′

.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment for securely accessing services of a service provider based on single sign on. The user device is authenticated by an authentication server if the computed hash of the first random number r is same as the received hash of the first random number r sent by a user device. Thereafter, the second random number y, the user id and an element Q are encrypted using a service provider password and send to the service provider. The user device computes a first discrete exponential function Z using the element Q and the second random number y and sends along with the user id to the service provider. The service provider computes a second discrete exponential function Z′ using the element Q and the second random number y received from the authentication server and provides the user device access to the services if Z is equal to Z′.

29 Citations

View as Search Results

20 Claims

1. A computer implemented method executed by one or more computing devices for securely accessing one or more services based on a single sign on, the method comprising:
- receiving, from a user device, a service request for a service among the one or more services provided by a service provider, a user id and a hash of a first random number r;
  
  computing the hash of the first random number r stored in a database;
  
  authenticating the user device, provided the computed hash of the first random number r is equal to the received hash of the first random number r;
  
  encrypting a second random number y with the first random number r;
  
  sending the second random number y encrypted with the first random number r to the user device;
  
  encrypting the second random number y, the user id and an element Q using a service provider password;
  
  sending the second random number y, the user id and the element Q encrypted with the service provider password to the service provider;
  
  computing, by the user device, a first discrete exponential function Z using the element Q and the second random number y;
  
  sending, by the user device, the user id and the computed first discrete exponential function Z to the service provider;
  
  computing, by the service provider, a second discrete exponential function Z′
  
  , using the element Q and the second random number y; and
  
  providing the user device access to the one or more services provided by the service provider, provided Z is equal to Z′
  
  .
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the first discrete exponential function Z is computed as:
    - Z=h_n(y)·
      
      Q wherein n is order of hash and n is decremented by a predefined number with each subsequent calculation of Z.
  - 3. The method of claim 1, wherein the second discrete exponential function Z′
    - is computed as;
      
      Z′
      
      =h_n(y)·
      
      Q wherein n is order of hash and n is decremented by a predefined number with each subsequent calculation of Z′
      
      .
  - 4. The method of claim 1, wherein the element Q is an element from a cyclic group G of generator P.
  - 5. The method of claim 1, further comprising:
    - generating the first random number r;
      
      encrypting the first random number r and the element Q with a user password;
      
      sending the encrypted first random number r and the element Q;
      
      decrypting, by the user device, the encrypted first number r and the element Q; and
      
      generating, by the user device, hash of the first random number r.

6. (canceled)

7. (canceled)

8. (canceled)

9. A computer implemented method executed by one or more computing devices for securely giving access for one or more services to a user device, the method comprising:
- receiving, from an authentication server, an encrypted second random number y, a user id and an element Q;
  
  computing a second discrete exponential function Z′
  
  , using the element Q and the second random number y;
  
  receiving, from the user device, the user id and a first discrete exponential function Z; and
  
  providing the user device access to the one or more services, provided Z is equal to Z′
  
  .
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein the first discrete exponential function Z is computed as:
    - Z=h_n(y)·
      
      Q wherein n is order of hash and n is decremented by a predefined number with each subsequent calculation of Z.
  - 11. The method of claim 9, wherein the second discrete exponential function Z′
    - is computed as;
      
      Z′
      
      =h_n(y)·
      
      Q wherein n is order of hash and n is decremented by a predefined number with each subsequent calculation of Z′
      
      .
  - 12. The method of claim 9, wherein the element Q is an element from a cyclic group G of generator P.

13. A system for securely accessing different services based on single sign on, the system comprising:
- a user device configured to;
  
  provide a service request for a service provided by a service provider which a user wants to access, a user id and a hash of a first random number r to an authentication server;
  
  compute a first discrete exponential function Z using an element Q and a second random number y; and
  
  send the user id and the computed first discrete exponential function Z to the service provider;
  
  the authentication server configured to;
  
  compute the hash of a first random number r stored in a database;
  
  receive the hash of the first random number r;
  
  authenticate the user device, provided the computed hash of the first random number r is same as the received hash of the first random number r;
  
  encrypt a second random number y with the first random number r;
  
  send the second random number y encrypted with the first random number r to the user device;
  
  encrypt the second random number y, the user id and the element Q using a service provider password; and
  
  send the second random number y, the user id and the element Q encrypted with the service provider password to the service provider;
  
  the database configured to;
  
  store the first random number r, the second random number y and the service provider password; and
  
  a service provider configured to;
  
  compute a second discrete exponential function Z′
  
  using the element Q and the second random number y; and
  
  provide the user device access to the service, provided Z is equal to Z′
  
  .
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein the first discrete exponential function Z is computed as:
    - Z=h_n(y)·
      
      Q wherein n is order of hash and n is decremented by a predefined number with each subsequent calculation of Z.
  - 15. The system of claim 13, wherein the second discrete exponential function Z′
    - is computed as;
      
      Z′
      
      =h_n(y)·
      
      Q wherein n is order of hash and n is decremented by a predefined number with each subsequent calculation of Z′
      
      .
  - 16. The system of claim 13, wherein the element Q is an element from a cyclic group G of generator P.

17. An authentication server comprising:
- one or more processors operatively coupled to a memory, the processor configured to perform the steps of;
  
  computing a hash of a first random number r;
  
  receiving the hash of the first random number r;
  
  authenticating a user device, provided the computed hash of the first random number r is same as the received hash of the first random number r;
  
  encrypting a second random number y with the first random number r;
  
  sending the second random number y encrypted with the first random number r to the user device;
  
  encrypting the second random number y, the user id and the element Q using a service provider password; and
  
  sending the second random number y, the user id and the element Q encrypted with the service provider password to the service provider; and
  
  the memory configured to;
  
  store the first random number r, the second random number y and the service provider password.
- View Dependent Claims (18, 19, 20)
- - 18. The authentication server of claim 17, wherein the first discrete exponential function Z is computed as:
    - Z=hn(y)·
      
      Q wherein n is order of hash and n is decremented by a predefined number with each subsequent calculation of Z.
  - 19. The authentication server of claim 17, wherein the second discrete exponential function Z′
    - is computed as;
      
      Z′
      
      =hn(y)·
      
      Q wherein n is order of hash and n is decremented by a predefined number with each subsequent calculation of Z′
      
      .
  - 20. The authentication server of claim 17, wherein the element Q is an element from a cyclic group G of generator P.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infosys Limited
Original Assignee
Infosys Limited
Inventors
Varadharajan, Vijayaraghavan, Kuppusamy, Sivakumar, Nallusamy, Rajarathnam

Granted Patent

US 9,449,167 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/183
CPC Class Codes

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 9/3236   using cryptographic hash fu...

METHOD AND SYSTEM FOR SECURELY ACCESSING DIFFERENT SERVICES BASED ON SINGLE SIGN ON

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND SYSTEM FOR SECURELY ACCESSING DIFFERENT SERVICES BASED ON SINGLE SIGN ON

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others