Mechanism of passing security tokens through both untrusted and validating intermediaries
US10735400B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 13, 2018 |
| Grant date | Aug 4, 2020 |
| Priority date | — |
| Expiry date | Nov 12, 2038 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/10
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Disclosed is a system and technique for validating a user for a single sign on without exposing secure information about the user to any part of the system except the connection server and the identity provider. In the technique, instead of relying directly on a SAML assertion, the technique uses an artifact representing the assertion and wraps the artifact in an access token. The access token is able to carry the artifact through one or more gateways on its way to a connection server without revealing any security information. Upon the access token being verified by either the gateway or the connection server, the artifact can be extracted from the access token and verification of the user for the single sign on can proceed between only the connection server and the identity provider.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.