Title of invention: SYSTEM AND METHOD TO PROVIDE SECURE CREDENTIAL
Abstract: A system and method is illustrated for providing secure credential using a secure credential package stored on a client device and at least one key stored in a corporate network. In embodiments, an access connector receives credentials and a device unique identifier from the client device over a secure link, obtains the at least one key from the corporate network, applies the at least one key to the credentials and the device unique identifier to generate the secure credential package including the encrypted credential and the device unique identifier, sends the secure credential package to the client device over the secure link, upon receiving the secure credential package from the client device, retrieves the at least one key via the key manager, decrypts the secure credential package using the at least one key to obtain the credentials, and validates the credentials against a user directory located in the corporate network.
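Publication number: US2016323112(A1) Publication date: 2016.11.03
Application number: US201615210791 Filing date: 2016.07.14
Applicant: EMC Corporation Inventor: Chung Leonard
Classification: H04L9/32;H04L29/06 Main classification: H04L9/32
Patent agency: Agent: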
Main claim: 1. A computer implemented method for authenticating a client device using a secure credential package stored on the client device and at least one key stored in a corporate network, the computer implemented method comprising: receiving the secure credential package from the client device in connection with an authenticating of the client, wherein the secure credential package includes encrypted credentials and an encrypted unique device identifier; obtaining at least one key from the corporate network, wherein the at least one key is stored in a key store that is located in a first zone of the corporate network; decrypting the secure credential package using the at least one key to obtain credentials; validating the credentials against a user directory located in the corporate network; in the event of a successful validation, sending the credentials to a backend service located in the corporate network for a service authentication; and authenticating the client device using the secure credential package based at least in part on the at least one key obtained from the key store and information stored on a resource of the corporate network, wherein the resource of the corporate network is located in a second zone of the corporate network, wherein the second zone is located behind a firewall for the second zone of the corporate network relative to the client device, the firewall for the second zone being located behind the first zone.
Address: Hopkinton MA US