Distributed single sign-on service
First Claim
Patent Images
1. A method performed at a computing device to provide services to at least one other computing device, the method comprising:
- receiving an authentication request that includes at least a client identifier and an encrypted authentication token derived from a partial authentication token encrypted with a split key generated from a secret key known only by the computing device, the partial authentication token including the client identifier, a network address and a nonce;
attempting to decrypt the encrypted authentication token using the secret key; and
granting authenticated communication if decryption is possible with the secret key and a decrypted content of the encrypted authentication token is acceptable.
2 Assignments
0 Petitions
Accused Products
Abstract
The described implementations relate to establishing authenticated communication between a client computing device and a service provider. In one implementation, once a registration procedure is complete, multiple authentication servers are used by a client computing device and a service provider to facilitate the establishment of an authenticated communication session. However, the authentication servers are not necessarily trusted authorities. That is, secrets of the various described devices are not revealed to each other.
-
Citations
12 Claims
-
1. A method performed at a computing device to provide services to at least one other computing device, the method comprising:
-
receiving an authentication request that includes at least a client identifier and an encrypted authentication token derived from a partial authentication token encrypted with a split key generated from a secret key known only by the computing device, the partial authentication token including the client identifier, a network address and a nonce; attempting to decrypt the encrypted authentication token using the secret key; and granting authenticated communication if decryption is possible with the secret key and a decrypted content of the encrypted authentication token is acceptable. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method performed at an authentication server to provide authentication services, the method comprising:
-
establishing a secure session with a session key if such a secure session was not established in a previous procedure; receiving a service provider ID, a challenge supplied by a service provider, and a unique ID of a client computing device seeking access to the service provider; encrypting the unique ID of the client computing device, a network address of the client computing device and the challenge supplied by the service provider using an encryption key split from a secret key unknown to the authentication server; and offering the encryption to the client computing device, the encryption usable when attempting gain access to the service provider. - View Dependent Claims (7, 8, 9, 10, 11, 12)
-
Specification