AUTHENTICATION CONTEXT TRANSFER FOR ACCESSING COMPUTING RESOURCES VIA SINGLE SIGN-ON WITH SINGLE USE ACCESS TOKENS

US 20170006020A1
Filed: 07/02/2015
Published: 01/05/2017
Est. Priority Date: 07/02/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for accessing computing resources using secure single sign-on authentication, the method comprising:

authenticating, by any of one or more computer processors, data representing a security credential of a user;

generating, by any of the one or more computer processors, data representing a single use access token based on the authenticated security credential, the single use access token being configured to expire for purposes of validation after a single such validation occurs against the single use access token; and

generating, by any of the one or more computer processors, executable code having the single use access token data encoded therewith, the executable code comprising instructions that, when executed by an end-user computing device, cause the end-user computing device to install an application and the single use access token data onto a computer-readable medium.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for accessing computing resources using secure single sign on authentication with a single use access token, including website-to-desktop application delivery and secure transfer of context information from the website to the desktop application once valid security credentials are provided from the same end-user computing device. A user signs onto a web application once using the security credentials. A web-based single use token generator generates a single use access token based on the user-supplied security credentials. A web-based context embedder service dynamically generates a context carrier and transfer application including the single use access token. The context carrier and transfer application is provided to an end-user computing device, which, when executed locally, installs a desktop application onto the end-user computing device. The desktop application utilizes the single use access token to access a secure, cloud-based computing resource. The single use access token expires after one use.

55 Citations

View as Search Results

20 Claims

1. A computer-implemented method for accessing computing resources using secure single sign-on authentication, the method comprising:
- authenticating, by any of one or more computer processors, data representing a security credential of a user;
  
  generating, by any of the one or more computer processors, data representing a single use access token based on the authenticated security credential, the single use access token being configured to expire for purposes of validation after a single such validation occurs against the single use access token; and
  
  generating, by any of the one or more computer processors, executable code having the single use access token data encoded therewith, the executable code comprising instructions that, when executed by an end-user computing device, cause the end-user computing device to install an application and the single use access token data onto a computer-readable medium.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising digitally signing, by any of the one or more processors, the executable code with a digital signature.
  - 3. The method of claim 1, wherein the generating of the executable code includes encoding instructions in the application that, when executed by the end-user computing device, cause the application to validate the single use access token data with an identity provider.
  - 4. The method of claim 1, further comprising storing a copy of the single use access token data separately from the executable code and in a single use token store.
  - 5. The method of claim 1, further comprising:
    - providing the executable code to the end-user computing device; and
      
      in response to a request from the end-user computing device by way of the application, providing the end-user computing device access to a protected computing resource without requiring user entry of security credentials.

6. A computer-implemented method for accessing computing resources using secure single sign-on authentication, the method comprising:
- prompting, by a computer processor, a user to provide a security credential on a first occasion;
  
  sending, by the computer processor, the security credential of the user to a remote computing system via a browser;
  
  receiving, by the computer processor and in response to sending the security credential, executable code having single use access token data encoded therewith, the single use access token being configured to expire for purposes of validation after a single such validation occurs against the single use access token; and
  
  installing, by the computer processor, a desktop application and the single use access token data onto a computer-readable medium using the executable code, the desktop application being different than the browser.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising validating, by the computer processor and via the desktop application, the single use access token data without prompting the user to provide the security credential on a second, subsequent occasion.
  - 8. The method of claim 7, further comprising at least one of expiring and marking done, by the computer processor, the single use access token data.
  - 9. The method of claim 6, further comprising validating, by the computer processor, a digital signature included with the executable code.
  - 10. The method of claim 6, further comprising prompting the user to provide the security credential on a second, subsequent occasion in response to receiving an invalid or expired single use access token data included with the executable code.

11. A system comprising:
- a storage; and
  
  one or more computer processors operatively coupled to the storage, the one or more computer processors configured to execute instructions stored in the storage that when executed cause any of the one or more computer processors to carry out a process comprising;
  
  receiving data representing a security credential of a user;
  
  authenticating the security credential;
  
  generating data representing a single use access token based on the authenticated security credential, the single use access token being configured to expire for purposes of validation after a single such validation occurs against the single use access token; and
  
  generating executable code having the single use access token data encoded therewith, the executable code comprising instructions that, when executed by an end-user computing device, cause the end-user computing device to install an application and the single use access token data onto a computer-readable medium.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the process further comprises:
    - providing the executable code to the end-user computing device; and
      
      in response to a request from the end-user computing device by way of the application, providing the end-user computing device access to a protected computing resource without requiring user entry of security credentials.
  - 13. The system of claim 11, wherein the process further comprises digitally signing, by the one or more processors, the executable code with a digital signature.
  - 14. The system of claim 11, wherein the generating of the executable code includes encoding instructions in the application that, when executed by an end-user computing device, cause the application to validate the single use access token data with an identity provider.
  - 15. The system of claim 11, wherein the process further comprises storing a copy of the single use access token data separately from the executable code and in a single use token store.
  - 16. The system of claim 11, wherein the process further comprises:
    - prompting, via a web application, a user to provide a security credential on a first occasion;
      
      authenticating the security credential of the user via the web application;
      
      receiving, in response to authentication of the security credential, the executable code having single use access token data encoded therewith; and
      
      installing a desktop application and the single use access token data onto a computer-readable medium using the executable code.
  - 17. The system of claim 16, wherein the process further comprises validating, via the desktop application, the single use access token data without prompting the user to provide the security credential on a second, subsequent occasion.
  - 18. The system of claim 17, wherein the process further comprises at least one of expiring and marking done the single use access token data subsequent to the validating of the single use access token data.
  - 19. The system of claim 16, wherein the process further comprises prompting the user to provide the security credential on a second, subsequent occasion in response to receiving an invalid or expired single use access token data included with the executable code.
  - 20. The system of claim 16, wherein the process further comprises validating a digital signature included with the executable code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Falodiya, Aditya

Granted Patent

US 10,382,426 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 8/61   Installation

H04L 63/0815   providing single-sign-on or...

H04L 63/0838   using one-time-passwords

AUTHENTICATION CONTEXT TRANSFER FOR ACCESSING COMPUTING RESOURCES VIA SINGLE SIGN-ON WITH SINGLE USE ACCESS TOKENS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION CONTEXT TRANSFER FOR ACCESSING COMPUTING RESOURCES VIA SINGLE SIGN-ON WITH SINGLE USE ACCESS TOKENS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links