Title of invention |
System and method for accessing integrated applications in a single sign-on enabled enterprise solution |
Abstract |
A method for performing access management to facilitate a user to access applications in a single sign-on enabled enterprise solution is provided. A challenge token and a response token are transmitted between a server and a client. The challenge token and response token comprises one-way hashed data. The response token is verified at the server and the client to authenticate the user. Further, a request for service token is transmitted between the server and the client. The request for service token is encrypted at the client and decrypted at the server using a unique session key negotiated between the server and client. A service token is generated and transmitted between the server and the client. The service token is encrypted and decrypted at the server using a secret key to verify the service token. Based on the verification, the requested applications are rendered on client based user interface. |
Publication number |
US9191375(B2) |
Publication date |
2015.11.17 |
Application number |
US201113979614 |
Application date |
2011.01.13 |
Applicant |
Infosys Limited |
Inventors |
Kaler Jasdeep Singh;Thoppil Preethi;Mahapatra Sujit Kumar |
Classification numbers |
H04L29/06;G06F21/41 |
Main classification number |
H04L29/06 |
Agency |
Klarquist Sparkman, LLP |
Agent |
Klarquist Sparkman, LLP |
Main claim |
1. A method for performing access management to facilitate a user to access one or more applications in a single sign-on enabled enterprise solution, the method comprising the steps of:
performing data transaction between a single sign-on (SSO) server and a client for authenticating the user, wherein the data transaction comprises:
transmitting a challenge token and a response token between the SSO server and the client, wherein the challenge token and the response token comprises one-way hashed data; and
verifying the response token at the SSO server and at the client using the one-way hashed data; and
performing data transaction for authorizing the user to access the one or more applications, wherein the data transaction comprises:
transmitting a request for service token between the SSO server and the client, wherein the request for service token is encrypted at the client and decrypted at the SSO server using a unique session key negotiated between the SSO server and the client;
transmitting a service token between the SSO server and the client, wherein the service token is encrypted and decrypted at the SSO server using a secret key to verify the service token;
transmitting the service token between the client and one or more application servers;
transmitting the service token between the one or more application servers and the SSO server;
decrypting the service token at the SSO server to verify the service token, wherein the service token is decrypted using the secret key;
transmitting a verification message between the SSO server and the one or more application servers; and
rendering the requested one or more applications on a user interface of the client based on the verification. |
Address |
Bangalore IN |