Method and system for securely accessing different services based on single sign on

  • US 9,449,167 B2
  • Filed: 08/16/2013
  • Issued: 09/20/2016
  • Est. Priority Date: 09/12/2012
  • Status: Active Grant
First Claim

1. A computer implemented method executed by one or more computing devices for securely accessing one or more online services based on a single sign on, the method comprising:

    receiving at an authentication server, from a user device, a service request for a service among the one or more online services provided by a service provider server, a user id and a first hash of a first random number r;

    retrieving, by the authentication server, the first random number r from a database and computing a second hash of the first random number r;

    determining, by the authentication server, that the received first hash of the first random number is equal to the computed second hash of the first random number;

    authenticating the user device at the authentication server responsive to the determining that the second hash of the first random number r is equal to the received first hash of the first random number r;

    encrypting, by the authentication server, a second random number y with the first random number r;

    sending the second random number y encrypted with the first random number r from the authentication server to the user device;

    retrieving, by the authentication server, a service provider password, provided by the service provider server, from the database;

    encrypting, at the authentication server, the second random number y, the user id, and an element Q using the service provider password;

    sending the second random number y, the user id, and the element Q encrypted with the service provider password from the authentication server to the service provider server;

    computing, by the user device, a first discrete exponential function Z using the element Q and the second random number y, wherein the first discrete exponential function Z is computed as $Z = h^{n}(y^{Q})$, wherein n is decremented for subsequent calculations of Z;

    sending, by the user device, the user id and the computed first discrete exponential function Z to the service provider server;

    computing, by the service provider server, a second discrete exponential function Z′ using the element Q and the second random number y, wherein the second discrete exponential function Z′ is computed as $Z' = h^{n}(y^{Q})$, wherein n is decremented for subsequent calculations of Z′;

    determining, by the service provider server, whether the first discrete exponential function Z is equal to the second discrete exponential function Z′; and

    responsive to determining that the first discrete exponential function Z is equal to the second discrete exponential function Z′, granting the user device access to the one or more online services provided by the service provider server.
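The three-party exchange recited in claim 1, modelled end to end as an added example; this is not code from the patent or its assignee. The claim leaves several things open, and the example fills them with labelled assumptions: the cipher behind "encrypting with r" and "with the service provider password" (a SHA-256 counter keystream with an HMAC tag, a stand-in only), the hash h (SHA-256), the modulus under which the discrete exponential y^Q is taken (2^255 - 19), how the user device knows Q, and how the user device and the service provider agree on the starting value of n. The names `AuthServer`, `ServiceProvider`, `UserDevice`, `z_value` and `run_demo` are the example's own.

```python
"""Toy model of claim 1 of US 9,449,167 B2. Three in-process parties: the
user device (U), the authentication server (AS) and the service provider
server (SP); a "send" is a function call carrying bytes. Everything the
claim leaves unspecified is an ASSUMPTION made for this example."""
import hashlib
import hmac
import secrets

P = 2**255 - 19          # ASSUMED prime modulus for the discrete exponential y^Q
HASH = hashlib.sha256    # ASSUMED instantiation of h


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (HASH(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for the cipher the claim does not name: SHA-256 counter
    keystream, then an HMAC-SHA256 tag. Output = nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, HASH).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, HASH).digest()):
        raise ValueError("ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def z_value(y: int, q: int, n: int) -> bytes:
    """Z = h^n(y^Q): apply h n times to the discrete exponential y^Q mod P."""
    v = pow(y, q, P).to_bytes(32, "big")
    for _ in range(n):
        v = HASH(v).digest()
    return v


class AuthServer:
    def __init__(self, user_db: dict, sp_password: bytes, q: int):
        self.user_db = user_db          # user_id -> first random number r
        self.sp_password = sp_password  # provided by the SP, stored in the DB
        self.q = q                      # element Q forwarded to the SP

    def handle_request(self, user_id: str, h_r: bytes, sp: "ServiceProvider") -> bytes:
        r = self.user_db[user_id]
        # Recompute h(r) from the stored r and compare with the received hash.
        if not hmac.compare_digest(h_r, HASH(r).digest()):
            raise PermissionError("user device not authenticated")
        y = secrets.token_bytes(32)     # second random number y
        payload = y + self.q.to_bytes(4, "big") + user_id.encode()
        sp.receive_from_as(encrypt(self.sp_password, payload))   # (y, id, Q) to SP
        return encrypt(r, y)                                     # y to U, under r


class ServiceProvider:
    def __init__(self, password: bytes, counters: dict):
        self.password = password
        self.counters = counters        # user_id -> current n (ASSUMED pre-agreed with U)
        self.pending = {}               # user_id -> (y, Q) awaiting a Z

    def receive_from_as(self, blob: bytes) -> None:
        pt = decrypt(self.password, blob)
        y, q = int.from_bytes(pt[:32], "big"), int.from_bytes(pt[32:36], "big")
        self.pending[pt[36:].decode()] = (y, q)

    def verify(self, user_id: str, z: bytes) -> bool:
        if user_id not in self.pending:
            return False                 # nothing from the AS for this user
        y, q = self.pending.pop(user_id)
        n = self.counters[user_id]
        if not hmac.compare_digest(z, z_value(y, q, n)):   # Z == Z' ?
            return False
        self.counters[user_id] = n - 1   # n decremented for the next Z'
        return True


class UserDevice:
    def __init__(self, user_id: str, r: bytes, q: int, n: int):
        self.user_id, self.r, self.q, self.n = user_id, r, q, n

    def request_service(self, auth: AuthServer, sp: ServiceProvider) -> bool:
        enc_y = auth.handle_request(self.user_id, HASH(self.r).digest(), sp)
        y = int.from_bytes(decrypt(self.r, enc_y), "big")
        z = z_value(y, self.q, self.n)
        self.n -= 1                      # n decremented for the next Z
        self.last_z = z                  # kept only so run_demo can replay it
        return sp.verify(self.user_id, z)


def run_demo() -> dict:
    """Two legitimate sessions, a replay of the first Z, and a wrong-r attempt."""
    r, sp_pw, q, n0 = secrets.token_bytes(32), secrets.token_bytes(32), 65537, 100
    auth = AuthServer({"alice": r}, sp_pw, q)
    sp = ServiceProvider(sp_pw, {"alice": n0})
    alice = UserDevice("alice", r, q, n0)
    first = alice.request_service(auth, sp)
    captured = alice.last_z
    second = alice.request_service(auth, sp)
    replay = sp.verify("alice", captured)   # stale Z: no pending y, n has moved on
    try:
        UserDevice("alice", secrets.token_bytes(32), q, n0).request_service(auth, sp)
        wrong_r = True
    except PermissionError:
        wrong_r = False
    return {"first": first, "second": second, "replay": replay, "wrong_r": wrong_r}
```

Two points the model makes visible. First, the user device never transmits r or y in the clear: the AS sees only h(r), and the SP never sees r at all, so the SP password and r partition the trust between the two servers. Second, the decrementing n turns Z into a one-time value in the S/KEY style: a Z captured in one session is h^n(y^Q), and the next expected value is h^(n-1)(y^Q), a preimage the eavesdropper cannot compute even if y and Q were somehow reused. The practical cost is that both U and SP must keep n in step, which the claim does not address; the homemade cipher above is only a placeholder for the unspecified encryption, and a deployment would use a vetted AEAD.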
