Title of invention: Sign-On system with distributed access
Abstract: A security system is provided for storing sensitive data and providing access to this data to at least one user (10) having an electronic communication device and using a single-sign-on procedure. A request (101) is directed to a first service provider (20). Based on the request (101), a challenge request (102) comprising the user identification code is sent to the second service provider (30), wherein the second service provider sends an authentication message (103) comprising the user identification code and a user Sign-On key to the first computer system, wherein the user Sign-On key is asymmetrically encrypted with a first service provider's (20) public key. Upon reception of the authentication message (103), the application of the first computer system creates an access ticket (104) comprising the digitally signed Sign-On key of the user, asymmetrically encrypted with a second service provider's (30) public key, wherein the content of said access ticket (104) is transmitted (105) to the user address from which the initial request (101) was initiated for a redirect (106) to the second computer system. The second service provider (30) starts a communication session with said user for accessing data in the data storage facility (31) after having checked the authentication of the user on the basis of the user Sign-On key and a further part of the Sign-On key.
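Publication number: EP2530618(A1) Publication date: 2012.12.05
Application number: EP20120170543 Filing date: 2012.06.01
Applicant: DSWISS AG Inventors: CHRISTEN, TOBIAS; RENNHARD, MARC; TSCHANNEN, MICHAEL
Classification: G06F21/41; G06F21/33; H04L29/06 Main classification: G06F21/41
Agency: Agent:
Main claim:
Address: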