Method and apparatus for providing a conditional single sign on
First Claim
1. A computer implemented method for accessing a computer resource comprising:
during a first access sequence;
receiving, at the computer resource, credentials of a user from a device the user is using to access the computer resource, wherein the credentials from the device have bypassed a connection broker;
encrypting the credentials using at least a first credentials key;
storing the encrypted credentials;
communicating the first credentials key to the connection broker for storage;
further encrypting the credentials using a second credentials key and communicating the second credentials key to the device; and
purging, by the computer resource, the first and second credentials keys; and
during a subsequent access sequence;
receiving, at the computer resource, the first credentials key from the connection broker and the second credentials key from the device;
decrypting the encrypted credentials using the first and second credentials keys;
purging at least the first and second credentials keys;
authenticating, by the computer resource, the user using the credentials and purging the credentials after the user is authenticated; and
enabling the device to access the computer resource following the authentication of the user.
Abstract
A method and apparatus for accessing a computer resource, wherein, during a first access sequence, the computer resource receives credentials of a user from a device the user is using to access the computer resource, encrypts the credentials using at least a first credentials key, stores the encrypted credentials, communicates the first credentials key to a connection broker or to the device, and purges the first credentials key. The computer resource, during a subsequent access sequence, receives the first credentials key, decrypts the encrypted credentials using the first credentials key, and purges the first credentials key. The computer resource authenticates the user using the credentials and purges the credentials after the user is authenticated and enables the device to access the computer resource following the authentication of the user.
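The two-key sequence of claim 1 can be sketched as follows. This is an added example, not code from the patent: the `seal`/`unseal` helpers are a standard-library stand-in for an authenticated cipher such as AES-GCM, and `ComputerResource`, its method names and the `authenticate` callback are hypothetical.

```python
import hashlib, hmac, secrets

def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC with a SHAKE-256 keystream (stdlib stand-in for an AEAD)."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified blob")
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class ComputerResource:
    def __init__(self, authenticate):
        self.authenticate = authenticate  # hypothetical callback: (user, creds) -> bool
        self.stored = {}                  # user -> doubly encrypted blob, never keys

    def first_access(self, user: str, credentials: bytes):
        k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
        # Encrypt with the first key, then further encrypt with the second.
        self.stored[user] = seal(k2, seal(k1, credentials))
        # "Purge": the resource keeps no copy; k1 goes to the broker, k2 to the device.
        return k1, k2

    def subsequent_access(self, user: str, k1: bytes, k2: bytes) -> bool:
        # Both keys must arrive (k1 from the broker, k2 from the device) to decrypt.
        creds = bytearray(unseal(k1, unseal(k2, self.stored[user])))
        try:
            return self.authenticate(user, bytes(creds))
        finally:
            creds[:] = bytes(len(creds))  # best-effort wipe; Python may hold other copies
```

The stored blob is useless to anyone holding only the broker's key or only the device's key, which is the property the split between broker and device is meant to provide.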
14 Claims
1. A computer implemented method for accessing a computer resource comprising:
during a first access sequence;
receiving, at the computer resource, credentials of a user from a device the user is using to access the computer resource, wherein the credentials from the device have bypassed a connection broker;
encrypting the credentials using at least a first credentials key;
storing the encrypted credentials;
communicating the first credentials key to the connection broker for storage;
further encrypting the credentials using a second credentials key and communicating the second credentials key to the device; and
purging, by the computer resource, the first and second credentials keys; and
during a subsequent access sequence;
receiving, at the computer resource, the first credentials key from the connection broker and the second credentials key from the device;
decrypting the encrypted credentials using the first and second credentials keys;
purging at least the first and second credentials keys;
authenticating, by the computer resource, the user using the credentials and purging the credentials after the user is authenticated; and
enabling the device to access the computer resource following the authentication of the user.
11. A non-transitory computer readable medium for storing software that, when executed by a processor, causes the processor to perform a method for accessing a computer resource comprising:
during a first access sequence;
receiving credentials of a user from a device the user is using to access the computer resource, wherein the credentials from the device have bypassed a connection broker;
encrypting the credentials using at least a first credentials key;
storing the encrypted credentials;
communicating the first credentials key to the connection broker for storage;
further encrypting the credentials using a second credentials key and communicating the second credentials key to the device; and
purging, by the computer resource, the first and second credentials keys; and
during a subsequent access sequence;
receiving, at the computer resource, the first credentials key from the connection broker and the second credentials key from the device;
decrypting the encrypted credentials using the first and second credentials keys; and
purging at least the first and second credentials keys;
authenticating, by the computer resource, the user using the credentials and purging the credentials after the user is authenticated; and
enabling the device to access the computer resource following the authentication of the user.
12. Apparatus for accessing a computer resource comprising:
a computer resource for supplying computing services to at least one device being operated by a user;
a connection broker, coupled to the computer resource via a network, for confirming computer resource availability to the at least one device;
wherein during a first access sequence the computer resource;
receives credentials of a user from a device the user is using to access the computer resource, wherein the credentials from the device have bypassed the connection broker;
encrypts the credentials using at least a first credentials key;
stores the encrypted credentials;
communicates the first credentials key to the connection broker for storage;
further encrypting the credentials using a second credentials key and communicating the second credentials key to the device; and
purges, by the computer resource, the first and second credentials keys; and
during a subsequent access sequence;
receives the first credentials key from the connection broker and the second credentials key from the device;
decrypts the encrypted credentials using the first and second credentials keys; and
purges at least the first and second credentials keys; and
the computer resource authenticates the user using the credentials and purges the credentials after the user is authenticated; and
enables the device to access the computer resource following the authentication of the user.
Specification