| 发明名称 | System and method for securing authentication information in a networked environment | ||
| 摘要 | This disclosure is directed to systems and methods for securely communicating authentication information in a networked environment such as one involving a client device, a cloud based computing platform, and an enterprise computing environment. Some embodiments may include encrypting, by a client device using a public key, authentication information provided by a user. The encrypted authentication information is sent to a cloud based service which then sends it to an on-premises component residing behind a firewall of an enterprise. The on-premises component decrypts the authentication information using a private key, validates the authentication information, and returns the result to the cloud based service over a network. If validated, the cloud based service establishes a secure connection between the client device and the on-premises component such that the user can access the enterprise's content without the enterprise having to share the authentication information with the cloud based service. | ||
| 申请公布号 | US9319395(B2) | 申请公布日期 | 2016.04.19 |
| 申请号 | US201414318133 | 申请日期 | 2014.06.27 |
| 申请人 | Sailpoint Technologies, Inc. | 发明人 | Forster Craig Robert William;Greff Daniel Thomas;Chow Crandall B. T.;Goldenburg Phillip |
| 分类号 | H04L29/06;H04L9/30;G06F21/31 | 主分类号 | H04L29/06 |
| 代理机构 | Sprinke IP Law Group | 代理人 | Sprinke IP Law Group |
| 主权项 | 1. A method, comprising: encrypting, at a client device operated by a first party using a public key, original authentication information provided by the first party at the client device to generate encrypted authentication information, wherein the public key and instructions for encrypting the authentication information were provided by a cloud based service operated by a second party in response to an access to the cloud based service by the client device operated by the first party; the client device providing the encrypted authentication information to the cloud based service operated by the second party; the cloud based service providing the encrypted authentication information to an on-premises component residing behind a firewall of an enterprise operated by a third party distinct from the first party and second party; the on-premises component decrypting the encrypted authentication information using a private key corresponding to the public key provided by the cloud based service operated by the second party to obtain the original authentication information; the on-premises component performing a validation on the original authentication information; and the on-premises component returning a result of the validation to the cloud based service over a network, wherein the result is signed by the on-premises component using the private key such that the cloud based service operated by the second party can verify the result was sent by the on-premises component behind the firewall of the enterprise operated by the third party. | ||
| 地址 | Wilmington DE US | ||