System and method to provide secure credential
9 Assignments
0 Petitions
Abstract
A system and method are illustrated for providing secure credential using a secure credential package stored on a client device and at least one key stored in a corporate network. In embodiments, an access connector receives credentials and a device unique identifier from the client device over a secure link, obtains the at least one key from the corporate network, applies the at least one key to the credentials and the device unique identifier to generate the secure credential package including the encrypted credentials and the device unique identifier, and sends the secure credential package to the client device over the secure link. Upon later receiving the secure credential package back from the client device, the access connector retrieves the at least one key via the key manager, decrypts the secure credential package using the at least one key to obtain the credentials, and validates the credentials against a user directory located in the corporate network.
47 Citations
19 Claims
1. A computer implemented method for providing secure credential using a secure credential package stored on a client device and at least one key stored in a corporate network, the computer implemented method comprising:
- receiving credentials and a device unique identifier from the client device over a secure link;
- obtaining the at least one key from the corporate network, wherein the at least one key is stored in a key store that is located behind a first firewall of the corporate network relative to the client device;
- applying the at least one key to the credentials and the device unique identifier to generate the secure credential package including encrypted credentials corresponding to the credentials and an encrypted device unique identifier corresponding to the device unique identifier;
- sending the secure credential package to the client device over the secure link;
- receiving the secure credential package from the client device in connection with an authenticating of the client;
- decrypting the secure credential package using the at least one key to obtain the credentials, validating the credentials against a user directory located in the corporate network;
- in the event of a successful validation, sending the credentials to a backend service located in the corporate network for a service authentication; and
- authenticating the client using the secure credential package based at least in part on the at least one key obtained from the key store and information stored on a resource of the corporate network, wherein the resource of the corporate network is located behind a second firewall of the corporate network relative to the client device, the second firewall being located behind the first firewall.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
10. An access connector located in a corporate network used for providing secure credential, the access connector comprising:
- a receiver configured to use at least one processor to receive credentials and a device unique identifier from a client device over a secure link;
- a key manager configured to use at least one processor to obtain at least one key from the corporate network, wherein the at least one key is stored in a key store that is located behind a first firewall of the corporate network relative to the client device;
- a secure package creator configured to use at least one processor to apply the at least one key to the credentials and the device unique identifier to generate a secure credential package including encrypted credentials corresponding to the credentials and an encrypted device unique identifier corresponding to the device unique identifier;
- a secure package validator configured to decrypt the secure credential package using the at least one key to obtain the credentials, validate the credentials against a user directory located in the corporate network, and upon a successful validation, send the credentials to a backend service located in the corporate network for a service authentication, and authenticate the client using at least one processor to receive the secure credential package from the client device in connection with an authenticating of the client, wherein the resource of the corporate network is located behind a second firewall of the corporate network relative to the client device, the second firewall being located behind the first firewall; and
- a sender configured to use at least one processor to send the secure credential package to the client device over the secure link, wherein the receiver is further configured to use at least one processor to receive the secure credential package from the client device in connection with the authentication of the client.
View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
19. A system for providing secure credential using a secure credential package stored on a client device and at least one key stored in a corporate network, comprising:
- at least one processor configured to:
  - receive credentials and a device unique identifier from the client device over a secure link;
  - obtain the at least one key from the corporate network, wherein the at least one key is stored in a key store that is located behind a first firewall of the corporate network relative to the client device;
  - apply the at least one key to the credentials and the device unique identifier to generate the secure credential package including the encrypted credential and the encrypted device unique identifier;
  - send the secure credential package to the client device over the secure link;
  - receive the secure credential package from the client device in connection with an authenticating of the client;
  - decrypt the secure credential package using the at least one key to obtain the credentials;
  - validate the credentials against a user directory located in the corporate network;
  - in the event of a successful validation, send the credentials to a backend service located in the corporate network for a service authentication; and
  - authenticate the client using the secure credential package based at least in part on the at least one key obtained from the key store and information stored on a resource of the corporate network, wherein the resource of the corporate network is located behind a second firewall of the corporate network relative to the client device, the second firewall being located behind the first firewall; and
- at least one memory coupled to the at least one processor and configured to provide the at least one processor with instructions.
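The enrollment and authentication flow the abstract and claims describe, as an added Python example that is not code from the patent or from any product implementing it. The key store, user directory and backend service are passed in as assumed stand-ins for the resources behind the first and second firewalls, and the HMAC-based encrypt-then-MAC construction stands in for a real AEAD such as AES-GCM because the Python standard library has no block cipher.

```python
import hashlib
import hmac
import json
import os

def _subkey(key, label):  # separate encryption and MAC keys derived from the key-store key
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key, nonce, n):  # HMAC-SHA256 counter mode: stand-in cipher, stdlib has no AES
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC: package = nonce || ciphertext || tag; only the key holder can open it.
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def open_package(key, package):
    # Returns None instead of raising when the tag fails: forged, corrupted or foreign-key package.
    if len(package) < 48:
        return None
    nonce, ct, tag = package[:16], package[16:-32], package[-32:]
    if not hmac.compare_digest(hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

class AccessConnector:
    # Model of the claimed connector; key_store (dict), user_directory and backend_service (callables)
    # are assumed stand-ins for the resources behind the first and second firewalls.
    def __init__(self, key_store, user_directory, backend_service):
        self.key_store, self.user_directory, self.backend_service = key_store, user_directory, backend_service

    def create_package(self, username, password, device_id):
        # Enrollment over the secure link: credentials + device id sealed under the key-store key.
        blob = json.dumps({"u": username, "p": password, "d": device_id}).encode()
        return seal(self.key_store["k1"], blob)

    def authenticate(self, package, presenting_device_id):
        # Nothing in a presented package is trusted until the tag verifies, the device id matches
        # the presenting device, and the user directory still accepts the credentials.
        blob = open_package(self.key_store["k1"], package)
        if blob is None:
            return None
        rec = json.loads(blob)
        if not hmac.compare_digest(rec["d"].encode(), presenting_device_id.encode()):
            return None  # package was issued to a different device
        if not self.user_directory(rec["u"], rec["p"]):
            return None  # credentials no longer valid in the user directory
        return self.backend_service(rec["u"], rec["p"])  # forward for service authentication
```

Tag failure, device mismatch and directory rejection all return the same None, so a caller cannot tell which check a presented package failed.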
Specification