Title of invention: Inter-enterprise, single sign-on technique
Abstract: A method of connecting an end user associated with a first organization to an application hosted by a second organization using a double blind authentication technique, wherein the identity of the end user is kept from the second organization and the identity of the second organization is hidden from the end user, includes exchanging digital certificates between the first organization and the second organization, sending an authenticated and encrypted first message using a digital certificate from the first organization to the second organization, and requesting a virtual user (ID) for use by the end user. Thereafter, the method validates the digital certificate at the second organization, decrypts the first message sent by the first organization, and responds to the first message by sending an authenticated and encrypted response message including an authorized virtual user ID to the first organization. The first organization then authenticates the end user, maps the end user's user ID to the appropriate virtual user ID, and sends a second authenticated and encrypted message to the second organization including a session initialization request. The second organization then replies to the second message with an authenticated and encrypted reply message which includes a session ID.
Publication No.: US2003028768(A1)  Publication date: 2003.02.06
Application No.: US20010920525  Filing date: 2001.08.01
Applicant: LEON LORENZO DE;KLESZINSKI MICHAEL;DOOLEY KEVIN;LUND JACK  Inventor: LEON LORENZO DE;KLESZINSKI MICHAEL;DOOLEY KEVIN;LUND JACK
Classification No.: H04L29/06;(IPC1-7):H04L9/00  Main classification No.: H04L29/06
Agency:  Agent:
Principal claim:
Address: