Control of access to a secondary system
First Claim
1. A method for controlling access of a user to a secondary system, said method comprising:
a processor of a primary system sending a random string to a user system, said processor connecting the user system to the secondary system, said user being logged on the user system;
after said sending the random string to the user system, said processor receiving from the user system first authentication information comprising an encryption of the random string by a private key of a public/private key pair of the user, said encryption of the random string being a user-specific key; and
said processor storing, in the primary system, the user-specific key comprised by the received first authentication information;
said processor generating second authentication information from protected secondary authentication data stored in the primary system, said generating the second authentication information comprising applying the user-specific key to the protected secondary authentication data to generate the second authentication information; and
said processor providing the second authentication information to the secondary system to enable access of the user to the secondary system.
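The flow recited in claim 1, sketched as an added example that is not taken from the patent or from any implementation of it. It assumes that "applying the user-specific key" means authenticated decryption, that the secondary credential was earlier protected under the same user-specific key, and it uses toy textbook RSA so that it runs with the standard library only; every function name is hypothetical.

```python
import hashlib, hmac, secrets

# Toy textbook RSA (Mersenne primes, no padding) so the block runs offline.
# Assumption for illustration only; real systems need a vetted library.
E = 65537

def make_private_key(p=2**127 - 1, q=2**89 - 1):
    """Return (d, n) for two Mersenne primes (toy parameters)."""
    return pow(E, -1, (p - 1) * (q - 1)), p * q

def user_encrypt_random_string(random_string, private_key):
    """User system: private-key operation on the random string."""
    d, n = private_key
    m = int.from_bytes(hashlib.sha256(random_string).digest(), "big") % n
    return pow(m, d, n).to_bytes((n.bit_length() + 7) // 8, "big")

def _keys(user_specific_key):
    k = hashlib.sha256(user_specific_key).digest()
    return hmac.new(k, b"enc", "sha256").digest(), hmac.new(k, b"mac", "sha256").digest()

def _xor_stream(key, data):
    blocks = (len(data) + 31) // 32
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), "sha256").digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def protect(user_specific_key, secret):
    """Assumed enrollment step: how the data became 'protected'."""
    enc, mac = _keys(user_specific_key)
    ct = _xor_stream(enc, secret)
    return ct + hmac.new(mac, ct, "sha256").digest()

def apply_user_specific_key(user_specific_key, protected):
    """Primary system: unlock the secondary credential, or None on a wrong key."""
    enc, mac = _keys(user_specific_key)
    ct, tag = protected[:-32], protected[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, ct, "sha256").digest()):
        return None
    return _xor_stream(enc, ct)

def demo():
    random_string = secrets.token_bytes(16)          # primary -> user system
    alice = make_private_key()
    usk = user_encrypt_random_string(random_string, alice)   # first authentication information
    stored = protect(usk, b"secondary-password")     # constructed sample secret
    second_auth = apply_user_specific_key(usk, stored)       # sent on to the secondary system
    other = make_private_key(2**107 - 1, 2**61 - 1)  # a different user's key
    wrong = apply_user_specific_key(user_encrypt_random_string(random_string, other), stored)
    return second_auth, wrong
```

In this sketch the private-key operation is deterministic, so the same random string always reproduces the same user-specific key, while a different random string or a different private key fails the integrity check.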
Abstract
A method and system for controlling access of a user to a secondary system. A primary system sends a random string to a user system that is connected to the secondary system. The user is logged on the user system. The primary system receives from the user system first authentication information including an encryption of the random string by a private key of the user. The primary system generates a user-specific key consisting of the encryption of the random string.
14 Claims
1. A method for controlling access of a user to a secondary system, said method comprising:
a processor of a primary system sending a random string to a user system, said processor connecting the user system to the secondary system, said user being logged on the user system;
after said sending the random string to the user system, said processor receiving from the user system first authentication information comprising an encryption of the random string by a private key of a public/private key pair of the user, said encryption of the random string being a user-specific key; and
said processor storing, in the primary system, the user-specific key comprised by the received first authentication information;
said processor generating second authentication information from protected secondary authentication data stored in the primary system, said generating the second authentication information comprising applying the user-specific key to the protected secondary authentication data to generate the second authentication information; and
said processor providing the second authentication information to the secondary system to enable access of the user to the secondary system.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer program product comprising a computer readable storage device storing computer executable instructions that when executed by a processor of a primary system perform a method for controlling access of a user to a secondary system, said method comprising:
said processor sending a random string to a user system, said processor connecting the user system to the secondary system, said user being logged on the user system;
after said sending the random string to the user system, said processor receiving from the user system first authentication information comprising an encryption of the random string by a private key of a public/private key pair of the user, said encryption of the random string being a user-specific key;
said processor storing, in the primary system, the user-specific key comprised by the received first authentication information;
said processor generating second authentication information from protected secondary authentication data stored in the primary system, said generating the second authentication information comprising applying the user-specific key to the protected secondary authentication data to generate the second authentication information; and
said processor providing the second authentication information to the secondary system to enable access of the user to the secondary system.
Dependent claims: 9, 10, 11
12. A primary system comprising a processor and a computer program product, said computer program product comprising computer executable instructions that when executed by the processor perform a method for controlling access of a user to a secondary system, said method comprising:
said processor sending a random string to a user system, said processor connecting the user system to the secondary system, said user being logged on the user system;
after said sending the random string to the user system, said processor receiving from the user system first authentication information comprising an encryption of the random string by a private key of a public/private key pair of the user, said encryption of the random string being a user-specific key;
said processor storing, in the primary system, the user-specific key comprised by the received first authentication information;
said processor generating second authentication information from protected secondary authentication data stored in the primary system, said generating the second authentication information comprising applying the user-specific key to the protected secondary authentication data to generate the second authentication information; and
said processor providing the second authentication information to the secondary system to enable access of the user to the secondary system.
Dependent claims: 13, 14
Specification