Single sign-on process
Abstract
Single sign-on process allowing a mobile user with a mobile phone or with a laptop to remote-access a remote server, comprising the steps of:
- (1) sending a first authenticator over a first communication layer to a first intermediate equipment between said mobile equipment and said remote server,
- (2) verifying in said first intermediate equipment said first authenticator sent by said mobile equipment,
- (3) if said first authenticator is accepted by said first intermediate equipment, completing the communication layer between said mobile equipment and said intermediate equipment,
- (4) repeating steps (1) to (3) with a plurality of successive intermediate equipment and over a plurality of successive communication layers, until a communication has been completed at the last requested communication layer between said mobile equipment and said remote server,
- wherein at least a plurality of said authenticators are furnished by a smart-card in said mobile equipment.
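The sequence in steps (1) to (4), as an added example that is not part of the patent text: a Python simulation in which a smart-card object furnishes one authenticator per intermediate equipment and layers are completed strictly in order, stopping at the first rejection. The HMAC challenge-response form of the authenticator, the layer names, and all class and function names are assumptions made for illustration; the abstract does not prescribe an authenticator type.

```python
import hashlib
import hmac
import secrets

class SmartCard:
    """Holds one secret per layer and furnishes authenticators (assumed: HMAC-SHA256)."""

    def __init__(self, layer_secrets):
        self._secrets = dict(layer_secrets)  # secrets stay inside the card object

    def authenticator(self, layer, challenge):
        key = self._secrets.get(layer)
        if key is None:
            raise KeyError(f"card holds no credential for layer {layer!r}")
        return hmac.new(key, challenge, hashlib.sha256).digest()

class IntermediateEquipment:
    """One hop between the mobile equipment and the remote server."""

    def __init__(self, layer, secret):
        self.layer, self._secret = layer, secret

    def challenge(self):
        return secrets.token_bytes(16)  # fresh per attempt, so a replayed value fails

    def verify(self, challenge, authenticator):
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, authenticator)  # constant-time compare

def single_sign_on(card, chain):
    """Run steps (1)-(3) for each hop in order; stop at the first rejection."""
    completed = []
    for hop in chain:
        nonce = hop.challenge()
        try:
            auth = card.authenticator(hop.layer, nonce)  # step (1): card furnishes it
        except KeyError:
            break
        if not hop.verify(nonce, auth):                  # step (2): hop verifies
            break
        completed.append(hop.layer)                      # step (3): layer completed
    return completed, len(completed) == len(chain)       # step (4): all layers up?

# Constructed sample chain: layer names and secrets are illustrative only.
LAYERS = ("network-access", "dial-in", "vpn-gateway", "remote-server")
KEYS = {name: secrets.token_bytes(32) for name in LAYERS}
CHAIN = [IntermediateEquipment(name, key) for name, key in KEYS.items()]
```

A card with one wrong or missing credential completes only the layers before that hop, so the remote server is never reached.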
23 Claims
- 1. A smart-card for use in a mobile equipment connected to a first communication network for authenticating a user of said mobile equipment connected to a second communication network in order to remote-access a remote location, said smart card comprising processing means for delivering a plurality of authenticators each for authenticating the user in one or more of a plurality of intermediate equipment connected to both the first network and the second network between the mobile equipment and the remote location in order to establish a plurality of successive communication layers between the mobile equipment and the remote location.
- 12. A smart-card comprising: a synchronization private key for decrypting an old and a new secret encrypted with a corresponding synchronization public key, comparison means for comparing said old decrypted secret with the secret stored in said mobile equipment, and comparing said decrypted new secret with a new secret entered in said mobile equipment, means for replacing said secret stored in said mobile equipment with said decrypted new secret when both comparisons are positive.
- 14. A smart-card for use in a mobile device communicating with a remote device through an intermediate device connected to the mobile device via a first communication network, said intermediate device connected to the remote device via a second communication network, said smart card comprising: processing means; and a memory for providing data to said processing means, wherein an authenticator is provided by said processing means to the intermediate device for authenticating the mobile equipment in the intermediate device to establish a communication layer between the mobile device and the intermediate device, and wherein communication between the mobile device and the remote device is established when the mobile device has been authenticated in the intermediate device.
- 19. A smart-card for use in a mobile device communicating with a remote device through a plurality of intermediate equipment between the mobile device and the remote device, said smart card comprising: processing means; and a means for storing a plurality of authenticators, wherein each of said authenticators is provided by said processing means to a corresponding one of the plurality of intermediate equipment for authenticating said mobile equipment in the corresponding one of the intermediate equipment to establish a corresponding communication layer between the mobile device and the corresponding one of the intermediate equipment, and wherein communication between the mobile device and the remote device is established when the mobile device has been authenticated in each of the plurality of intermediate equipment thereby resulting in a communication channel including the plurality of the corresponding communication layers each between said mobile device and the corresponding one of the intermediate equipment.
Specification