Method and apparatus for providing a conditional single sign on
Abstract
A system for providing a conditional single sign-on, wherein during a first access sequence a connection broker provides a first random number to a device. During a subsequent access sequence, the device provides encrypted user credentials to the connection broker, comprising credentials of a user encrypted by a key K. The key K comprises the first random number combined with a second random number. The device further provides an encryption of the second random number to the connection broker, the second random number being encrypted with a first public key held by the computer resource. The connection broker decrypts the first random number and retransmits the encryption of the second random number and the encrypted user credentials to the computer resource.
20 Claims
1. A computer implemented method performed by a connection broker for brokering successive connections between a device and a computer resource comprising:
during a first access sequence:
  providing to the device a first random number;
  authenticating a user of the device; and
  instantiating the computer resource for the authenticated user;
and during a subsequent access sequence, responsive to the first random number retrieved from the device:
  receiving encrypted user credentials and an encryption of a second random number forwarded from the device; and
  communicating to the computer resource i) the first random number, ii) the encrypted user credentials and iii) the encryption of the second random number,
wherein the encrypted user credentials comprise credentials of the user encrypted by a key K, the key K comprising a combination of the first random number with the second random number, and wherein the encryption of the second random number comprises the second random number encrypted by a first public key held by the computer resource and the device.
Dependent claims: 2, 3, 4, 5, 6
7. A method for establishing a connection with a computer resource comprising:
during a first access sequence:
  receiving, at a device, a first random number from a connection broker;
  providing, from the device, encrypted user credentials to the connection broker, the encrypted user credentials comprising credentials of a user encrypted by a key K, the key K comprising the first random number combined with a second random number;
  purging, by the device, the credentials of the user and the key K;
and during a subsequent access sequence:
  receiving, at the device, a first public key held by the computer resource;
  encrypting, by the device, the second random number with the first public key;
  transmitting, by the device to the connection broker, i) an encryption of the first random number, ii) the encryption of the second random number and iii) the encrypted user credentials; and
  establishing, by the device, the connection with the computer resource.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15
16. A system for providing a conditional single sign-on, comprising:
  a connection broker for generating a first random number during a first access sequence;
  a computer resource, coupled to the connection broker via a network, for providing a first public key during a second access sequence; and
  a device, coupled to the connection broker via the network, for receiving the first random number from the connection broker during the first access sequence and the first public key held by the computer resource during the second access sequence, the device enabled to provide encrypted user credentials to the connection broker, the encrypted user credentials comprising credentials of a user encrypted by a key K, the key K comprising the first random number combined with a second random number,
wherein during the second access sequence the device transmits i) an encryption of the first random number, ii) an encryption of the second random number by the first public key and iii) the encrypted user credentials to the connection broker, and wherein, responsive to the connection broker decrypting the first random number, the connection broker retransmits the encryption of the second random number and the encrypted user credentials to the computer resource.
Dependent claims: 17, 18, 19, 20
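The exchange that the abstract and claims 1, 7 and 16 describe, as an added worked model in Python. This is example code written for this page, not the patent's own implementation or any product's. It fills in what the claims leave open, and each choice is an assumption: K is a domain-separated SHA-256 of R1 and R2; the "encryption of the first random number" that the device returns is a copy of R1 sealed under a key only the broker holds; and a broker-side policy callback is the condition that makes the sign-on conditional. The ciphers are stand-ins so the block runs with the standard library alone: an HMAC-SHA256 keystream with an HMAC tag in place of a real AEAD, and unpadded textbook RSA in place of real key transport. Neither is fit for use outside this demonstration. The credentials, class names and method names are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Symmetric stand-in (demo only): HMAC-SHA256 keystream XOR plus a 32-byte HMAC tag.
def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def sym_encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def sym_decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Public-key stand-in (demo only): textbook RSA with no padding, on a 32-byte value.
def _is_probable_prime(n, rounds=32):
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                       # Miller-Rabin
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c

def rsa_keygen(bits=1024):
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                    # e is prime, so this is gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def rsa_encrypt(pub, m):
    e, n = pub
    return pow(int.from_bytes(m, "big"), e, n).to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_decrypt(priv, c, length=32):
    d, n = priv
    return pow(int.from_bytes(c, "big"), d, n).to_bytes(length, "big")

def derive_k(r1, r2):
    # The claims fix only that K combines R1 with R2; a domain-separated hash is assumed here.
    return hashlib.sha256(b"conditional-sso:K" + r1 + r2).digest()

class Broker:
    """Connection broker: issues R1, keeps the only key that unseals it, and gates re-entry."""
    def __init__(self, policy_allows):
        self._wrap_key = secrets.token_bytes(32)
        self.policy_allows = policy_allows
    def first_access(self):
        r1 = secrets.token_bytes(32)
        return r1, sym_encrypt(self._wrap_key, r1)  # R1 plus a broker-sealed copy (assumed form)
    def subsequent_access(self, resource, sealed_r1, enc_r2, enc_creds):
        if not self.policy_allows():                 # the condition in "conditional" SSO (assumed)
            raise PermissionError("broker refuses to reconnect this device")
        r1 = sym_decrypt(self._wrap_key, sealed_r1)
        return resource.sign_on(r1, enc_r2, enc_creds)  # forwards R1, E_pub(R2), E_K(creds); never sees R2

class Resource:
    """Computer resource: holds the private half of the first public key."""
    def __init__(self):
        self.public_key, self._private_key = rsa_keygen()
    def sign_on(self, r1, enc_r2, enc_creds):
        r2 = rsa_decrypt(self._private_key, enc_r2)
        return sym_decrypt(derive_k(r1, r2), enc_creds)  # a wrong K fails the tag check

class Device:
    def first_access(self, broker, username, password):
        r1, self.sealed_r1 = broker.first_access()
        self.r2 = secrets.token_bytes(32)
        self.enc_creds = sym_encrypt(derive_k(r1, self.r2), username + b":" + password)
        del r1  # purge: the device keeps R2, sealed R1 and E_K(creds), not creds, K or plain R1
    def subsequent_access(self, broker, resource):
        enc_r2 = rsa_encrypt(resource.public_key, self.r2)
        return broker.subsequent_access(resource, self.sealed_r1, enc_r2, self.enc_creds)

def run(policy_allows=lambda: True):
    """Both access sequences end to end; returns the credentials the resource recovers."""
    broker, resource, device = Broker(policy_allows), Resource(), Device()
    device.first_access(broker, b"alice", b"hunter2")      # constructed sample credentials
    return device.subsequent_access(broker, resource)
```

After the first sequence the three parties hold complementary pieces: the device has R2, the sealed R1 and E_K(creds) but no longer K or plain R1; the broker can recover R1 but never sees R2; the resource can recover R2 with its private key but obtains R1 only when the broker chooses to release it. No single party can decrypt the credentials, and neither can the device and resource together without the broker, which is what lets the broker gate the second sign-on without ever holding the credentials itself. Calling run() with a policy that returns False exercises the refusal path, and a wrong K fails the HMAC tag check rather than yielding garbage.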
Specification