Single sign-on process

US 8,793,779 B2
Filed: 09/14/2005
Issued: 07/29/2014
Est. Priority Date: 02/08/2000
Status: Active Grant

First Claim

Patent Images

1. A single sign-on method allowing a user to remote-access a remote location over a communication network using a single sign-on module in a device, comprising the steps of:

providing the sign-on module in the device, said sign-in module including an interface with a smart-card;

initiating a user request for remote access to the remote location by accepting a user authenticator provided by the user via a user interface on the device provided to the user by said sign-on module;

authenticating the user using said sign-on module based on said user authenticator;

activating said smart-card based on said authenticating;

establishing a connection over said communication network with said remote location after activating said smart card;

authenticating said user in said remote location using a different authenticator derived using said smart-card without requiring additional authentication information being input from the user; and

granting the user access to said remote location in response to said accepting.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Single sign-on process allowing a mobile user with a mobile phone or with a laptop to remote-access a remote server, comprising the steps of:

- (1) sending a first authenticator over a first communication layer to a first intermediate equipment between said mobile equipment and said remote server,
- (2) verifying in said first intermediate equipment said first authenticator sent by said mobile equipment,
- (3) if said first authenticator is accepted by said first intermediate equipment, completing the communication layer between said mobile equipment and said intermediate equipment,
- (4) repeating steps (1) to (3) with a plurality of successive intermediate equipment and over a plurality of successive communication layers, until a communication has been completed at the last requested communication layer between said mobile equipment and said remote server,
- wherein at least a plurality of said authenticators are furnished by a smart-card in said mobile equipment.

25 Citations

View as Search Results

25 Claims

1. A single sign-on method allowing a user to remote-access a remote location over a communication network using a single sign-on module in a device, comprising the steps of:
- providing the sign-on module in the device, said sign-in module including an interface with a smart-card;
  
  initiating a user request for remote access to the remote location by accepting a user authenticator provided by the user via a user interface on the device provided to the user by said sign-on module;
  
  authenticating the user using said sign-on module based on said user authenticator;
  
  activating said smart-card based on said authenticating;
  
  establishing a connection over said communication network with said remote location after activating said smart card;
  
  authenticating said user in said remote location using a different authenticator derived using said smart-card without requiring additional authentication information being input from the user; and
  
  granting the user access to said remote location in response to said accepting.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The single sign-on method of claim 1, wherein said remote location comprises one or more of:
    - an IPSEC gateway, said third authenticator being used by said IPSEC gateway for verifying the identity of said user;
      
      a firewall, said third authenticator being used by said firewall for verifying the identity of said user; and
      
      an operating system domain, said third authenticator comprising a password for logging onto said operating system domain.
  - 3. The single sign-on method of claim 1, wherein said remote location comprises:
    - an IPSEC gateway and/or a firewall, said third authenticator being used by said IPSEC gateway and/or by said firewall for verifying the identity of said user; and
      
      an operating system domain, and a fourth authenticator being retrieved from said single sign-on module and sent to said operating system domain for logging said user onto said operating system domain.
  - 4. The single sign-on method of claim 1, wherein said remote location comprises a corporate network with remote access capabilities.
  - 5. The single sign-on method of claim 1, wherein said single sign-on module comprises a smart-card for delivering said authenticators.
  - 6. The single sign-on method of claim 1, wherein said single sign-on module comprises a laptop and a terminal for accessing a mobile network.
  - 7. The single sign-on method of claim 6, wherein said mobile network comprises one or more of GPRS, EDGE, HSCSD, and UMTS networks.
  - 8. The single sign-on method of claim 1, comprising processing said authenticators in said single sign-on module.
  - 9. The single sign-on method of claim 1, comprising computing at least one of said authenticators in said single sign-on module using a cryptographic function using at least one key.
  - 10. The single sign-on method of claim 1, comprising prompting said user via said single sign-on module to enter a secret, and sending said first authenticator only when said secret entered by said user is correct.

11. A single sign-on method allowing a user to remote-access a remote location over a communication network using a single sign-on module in a device, comprising the steps of:
- providing the sign-on module in the device;
  
  initiating a user request for remote access to the remote location by accepting a user authenticator provided by the user via a user interface on the device provided to the user by said sign-on module;
  
  authenticating said user in the communication network using said sign-on module and said user authenticator provided by the user;
  
  establishing a connection over said communication network with said remote location after authenticating said user in the communication network;
  
  authenticating said user in said remote location using a different authenticator provided to said remote location by said sign-on module without requiring additional authentication information being input from the user; and
  
  granting the user access to said remote location in response to said authenticating.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The single sign-on method of claim 11, wherein said remote location comprises one or more of:
    - an IPSEC gateway, said third authenticator being used by said IPSEC gateway for verifying the identity of said user;
      
      a firewall, said third authenticator being used by said firewall for verifying the identity of said user; and
      
      an operating system domain, said third authenticator comprising a password for logging onto said operating system domain.
  - 13. The single sign-on method of claim 11, wherein said remote location comprises:
    - an IPSEC gateway and/or a firewall, said third authenticator being used by said IPSEC gateway and/or by said firewall for verifying the identity of said user; and
      
      an operating system domain, and a fourth authenticator being retrieved from said single sign-on module and sent to said operating system domain for logging said user onto said operating system domain.
  - 14. The single sign-on method of claim 11, wherein said remote location comprises a corporate network with remote access capabilities.
  - 15. The single sign-on method of claim 11, wherein said single sign-on module comprises a smart-card for delivering said authenticators.
  - 16. The single sign-on method of claim 11, wherein said single sign-on module comprises a laptop and a terminal for accessing a mobile network.
  - 17. The single sign-on method of claim 16, wherein said mobile network comprises one or more of GPRS, EDGE, HSCSD, and UMTS networks.
  - 18. The single sign-on method of claim 11, comprising processing said authenticators in said single sign-on module.
  - 19. The single sign-on method of claim 11, comprising computing at least one of said authenticators in said single sign-on module using a cryptographic function using at least one key.
  - 20. The single sign-on method of claim 11, comprising prompting said user via said single sign-on module to enter a secret, and sending said first authenticator only when said secret entered by said user is correct.

21. A user device for allowing a user to access a remote location over a network using a single sign-on process, comprising:
- a processor;
  
  an identification module for storing a plurality of authenticators for providing access to a plurality of different secure resources; and
  
  memory for storing information relating to a different authenticator, whereinsaid device is adapted for interacting with said network for registering the user in the network utilizing said identification module using said user authenticator, and whereinsaid device is further adapted for, subsequent to said registering in the network, interacting with said remote location for providing the different authenticator to said remote location based on said stored information relating to the different authenticator without requiring further authenticator information from the user, said different authenticator for authenticating said user in said remote location, and further whereinsaid device is also adapted for providing the user access to one or more secure resources at said remote location after said user is authenticated in said remote location.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The user device of claim 21, wherein said device comprises a smart-card for delivering said authenticators.
  - 23. The user device of claim 21, wherein said processor is operable to process said authenticators.
  - 24. The user device of claim 21, wherein said processor is operable to compute at least one of said authenticators using a cryptographic function using at least one key.
  - 25. The user device of claim 21, wherein said device is operable to:
    - prompt said user to enter a secret, and send said first authenticator only when said secret entered by said user is correct.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VL Collective IP, LLC (VideoLabs, Inc.)
Original Assignee
Swisscom AG (Government of Switzerland)
Inventors
Ferchichi, Azim, Lauper, Eric
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US11/226,724
Publication Number

US 20060013393A1
Time in Patent Office

3,240 Days
Field of Search

None
US Class Current

726/8
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 63/164   at the network layer

H04L 67/04   specially adapted for termi...

H04L 67/14   Session management for real...

H04W 12/02   Protecting privacy or anony...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/082   using revocation of authori...

H04W 8/265   for initial activation of n...

Single sign-on process

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign-on process

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links