Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Agent-based single sign on (SSO) method and system

A single sign-on, application system technology, applied in the field of computer information, can solve the problems of difficult expansion, complex implementation and expansion, user information leakage, etc., to achieve the effects of easy expansion, reduction of configuration costs, and protection of personal privacy

Inactive Publication Date: 2011-06-29
INST OF SOFTWARE - CHINESE ACAD OF SCI
View PDF3 Cites 90 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method can enable users to achieve unified authentication and single sign-on on different machines in different locations, but this method requires all application systems to trust the authentication center, and a front-end program needs to be configured in each application system to complete user authentication. Verification of assertions, which makes the implementation and extension of the system relatively complex
[0004] In the above two methods, the single sign-on service will maintain the user's user name, password and other personal information. If the service is attacked, it may lead to the leakage of user information.
Another single sign-on method is that the user first passes the verification of the first application system, and then clicks the link of the second application system in the first application system, and the first application system generates an authentication information and sends it to the second application system. The application system is authenticated and logged in. In this method, a corresponding trust relationship must be established between each application system, which leads to a tightly coupled relationship between multiple application systems, which is not easy to expand, and if an application If the system is compromised, it will threaten the security of other application systems
[0005] In addition, there are some emerging technologies that can also complete similar proxy login services, such as the OAuth protocol, which enables the user to authorize a third party with a token so that it can use the token without using the user's username and password. Password can be used to apply for the authorization of the user resource, thereby better protecting the user's personal information, but to complete the single sign-on service, it is also necessary to unify the token format and verification method in each application system, which is also not easy to implement and extension

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Agent-based single sign on (SSO) method and system
  • Agent-based single sign on (SSO) method and system
  • Agent-based single sign on (SSO) method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] The present invention will be described in more detail below by specific examples.

[0041] 1. Proxy-based single sign-on method

[0042] The single sign-on method in this embodiment includes two processes of authentication credential setting and single sign-on, respectively corresponding to the relationship between the terminal user, the single sign-on server and the application server. figure 1 A schematic diagram of the relationship between the above three is given, and the single sign-on method of this embodiment will be described below with reference to the accompanying drawings.

[0043] First, user U needs to perform the authentication credential setting process, which includes the following steps:

[0044] a. The user U first registers at the application server S and obtains the user credential C.

[0045] b. The user accesses the single sign-on server L, and the single sign-on server authenticates the user.

[0046] c. The user sends a credential setting req...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an agent-based single sign on (SSO) method and system, belonging to the technical field of computer information. In the method, a user (U) registers and acquires a user certificate (C) in an application server (S); the U logs in an SSO server (L) and sends a certificate setting request; the L stores user identifications, application server identifications and ciphertext (C') in an associated manner; the U logs in the L and requests to access the S; the L is interacted with the S to acquire a token issued by the S and a signature (sig) of the S for the token; the L usesa self-private key to sign the token to acquire sig' and then searches the C' associated with the U identifications and the S identifications as well as sends the C', the token and the sig' to the U;the U uses a private key in the user C to decrypt c' so as to acquire C, and sends SSO server identifications, the C, the token and the sig' to the S; and the S verifies the token and the sig', if the token and the sig' pass the verification, the user C is continued to be verified; and if the user C passes the verification, the U is permitted to log in. The invention also discloses an SSO system corresponding to the SSO method.

Description

technical field [0001] The present invention relates to single sign-on technology, in particular to an agent-based single sign-on method and system. It belongs to the field of computer information technology. Background technique [0002] In recent years, with the development of information technology and network technology and the continuous popularization of various network application services, users need to access many different application systems every day, such as web pages, emails, databases, etc. Each system requires users to follow certain security policies, such as requiring user IDs and passwords to be entered. As the number of systems accessed by users increases, users usually need to remember multiple passwords in order to access different application systems. In order to facilitate memory, users generally simplify passwords, or use the same password in multiple systems, or record passwords, which greatly reduces the security of user identity; on the other ha...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08H04L9/32
Inventor 张立武冯登国李强张严
Owner INST OF SOFTWARE - CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com