Secure authentication of users via intermediate parties
First Claim
1. A method for providing a client with access to a primary system through an intermediate system, said method comprising the steps of:
(a) creating a log-in record, wherein said log-in record includes an encrypted version of a primary system client identifier;
(b) said intermediate system receiving log-in data for said client;
(c) authenticating access of said client to said intermediate system, based on data from said log-in data and data from said log-in record;
(d) sending authentication data to said primary system, wherein said authentication data includes data from said primary system client identifier; and
(e) performing authentication on the primary system using the data from the said primary system client identifier.
Abstract
An intermediate system provides remote clients with access to a primary system, such as a server. The intermediate system creates and stores a log-in record for each client. The log-in record contains an encrypted primary system client identifier (PSCI). The PSCI contains authentication information for verifying a client's right to access the primary system. Storing an encrypted version of the PSCI enhances the security of the authentication information on the intermediate system. In some implementations of the present invention, the PSCI itself is an encrypted value. When a client attempts to log into the primary system, the intermediate system initially verifies the client's intermediate system access rights. The intermediate system makes this determination using the log-in record and data provided by the client. Next, the intermediate system sends the PSCI to the client's primary system for further authentication. The primary system uses the PSCI to verify the client's right to access primary system data.
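The following Python model is an added illustration of the flow the abstract describes; it is not code from the patent or from any product implementing it. The class names, the PBKDF2 password check on the intermediate system, the HMAC-based PSCI format and the stand-in authenticated encryption are all assumptions made for the example. It shows the property the abstract is after: the log-in record at rest on the intermediate system never contains the PSCI in the clear, the intermediate system authenticates the client before it forwards anything, and the primary system still performs its own check on the forwarded PSCI. It also exercises the failure paths a practitioner cares about: wrong password (primary is never contacted), a tampered record (authenticated encryption rejects it) and a PSCI forged without the primary's secret.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed example modelling the patent's steps (a)-(e). All keys and
# identifiers below are generated or made up for the demo.


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 used as a PRF in counter mode to produce a keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. This is a stdlib stand-in
    for a real AEAD (AES-GCM, ChaCha20-Poly1305); the structure is the point."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> Optional[bytes]:
    """Verify the tag first (constant time); return None on any tampering."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class PrimarySystem:
    """The server the client ultimately wants. It issues PSCIs and re-checks them."""

    def __init__(self) -> None:
        self._secret = secrets.token_bytes(32)   # never shared with the intermediate
        self._clients = set()

    def issue_psci(self, client_id: str) -> bytes:
        # PSCI = client id || HMAC(secret, client id). Opaque to the intermediate
        # system, which can store it but cannot mint one (cf. "the PSCI itself
        # is an encrypted value" in the abstract).
        self._clients.add(client_id)
        cid = client_id.encode()
        return cid + hmac.new(self._secret, cid, hashlib.sha256).digest()

    def authenticate(self, psci: bytes) -> bool:            # step (e)
        cid, tag = psci[:-32], psci[-32:]
        if cid.decode(errors="replace") not in self._clients:
            return False
        return hmac.compare_digest(tag, hmac.new(self._secret, cid, hashlib.sha256).digest())


@dataclass
class LoginRecord:
    salt: bytes
    password_hash: bytes
    encrypted_psci: bytes    # the PSCI is only ever stored sealed


class IntermediateSystem:
    def __init__(self, primary: PrimarySystem) -> None:
        self._primary = primary
        self._kek = secrets.token_bytes(32)   # key-encryption key, kept apart from the records
        self._records = {}

    @staticmethod
    def _hash_password(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def create_login_record(self, client_id: str, password: str, psci: bytes) -> None:  # step (a)
        salt = secrets.token_bytes(16)
        self._records[client_id] = LoginRecord(salt, self._hash_password(password, salt),
                                               seal(self._kek, psci))

    def stored_record(self, client_id: str) -> LoginRecord:
        return self._records[client_id]

    def login(self, client_id: str, password: str) -> Tuple[bool, str]:   # steps (b)-(e)
        rec = self._records.get(client_id)
        if rec is None:
            return False, "unknown client"
        if not hmac.compare_digest(rec.password_hash, self._hash_password(password, rec.salt)):
            return False, "intermediate authentication failed"      # primary never contacted
        psci = open_sealed(self._kek, rec.encrypted_psci)
        if psci is None:
            return False, "log-in record corrupt"
        if self._primary.authenticate(psci):                          # step (d) + (e)
            return True, "granted"
        return False, "primary authentication failed"


def demo() -> dict:
    primary = PrimarySystem()
    inter = IntermediateSystem(primary)
    psci = primary.issue_psci("alice")
    inter.create_login_record("alice", "correct horse battery", psci)
    results = {
        "good": inter.login("alice", "correct horse battery"),
        "bad_password": inter.login("alice", "wrong"),
        "unknown": inter.login("bob", "anything"),
        # the record at rest must not reveal the PSCI
        "psci_in_clear": psci in inter.stored_record("alice").encrypted_psci,
        # an attacker holding only the records cannot forge a PSCI for the primary
        "forged": primary.authenticate(b"alice" + secrets.token_bytes(32)),
    }
    # flip one ciphertext byte in the stored record: the seal must reject it
    rec = inter.stored_record("alice")
    tampered = bytearray(rec.encrypted_psci)
    tampered[20] ^= 0x01
    rec.encrypted_psci = bytes(tampered)
    results["tampered"] = inter.login("alice", "correct horse battery")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two design choices worth noting: the intermediate system's key-encryption key and the primary system's secret are distinct, so a dump of the log-in records alone yields neither a usable PSCI nor the ability to make one; and every comparison of secrets goes through `hmac.compare_digest`, so the record check does not leak timing information about the stored hash or tag.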
43 Claims

1. (Independent claim 1 is given above under First Claim.) Dependent claims: 2 to 18.
19. A processor readable storage medium having processor readable code embodied on said processor readable storage medium, said processor readable code for programming a processor to perform a method for providing a client with access to a primary system through an intermediate system, said method comprising the steps of:
(a) creating a log-in record, wherein said log-in record includes an encrypted version of a primary system client identifier;
(b) said intermediate system receiving log-in data for said client;
(c) authenticating access of said client to said intermediate system, based on data from said log-in data and data from said log-in record;
(d) sending authentication data to said primary system, wherein said authentication data includes data from said primary system client identifier; and
(e) performing authentication on the primary system using the data from the said primary system client identifier.
Dependent claims: 20 to 35.
36. An apparatus providing a client with access to a primary system through an intermediate system, said apparatus comprising:
a processor; and a processor readable storage medium, in communication with said processor, said processor readable storage medium storing code for programming said processor to perform a method including the steps of:
(a) creating a log-in record, wherein said log-in record includes an encrypted version of a primary system client identifier;
(b) said intermediate system receiving log-in data for said client;
(c) authenticating access of said client to said intermediate system, based on data from said log-in data and data from said log-in record;
(d) sending authentication data to said primary system, wherein said authentication data includes data from said primary system client identifier; and
(e) performing authentication on the primary system using the data from the said primary system client identifier.
Dependent claims: 37 to 43.