Enhance single sign-on flow for secure computing resources

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Vladimir Stoyanov · Redmond, US
• Artem Belkine · Renton, US
• Gustavo Hernando Catalano-Fonseca · Redmond, US
• Christian Cruz Montoya · San Diego, US
• David Belanger · Ajax, CA
• Clark D. Nicholson · Seattle, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/083
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The techniques disclosed herein provide an enhanced single sign-on flow for secure computing resources, such as a virtual machine or hosted applications. In some configurations, the techniques process different types of security data, e.g., credentials, tokens, certificates, and reference objects at specific computing entities of a system to provide a single sign-on flow for providing access to secure computing resources from a client computing device. In one illustrative example, a select type of security data, such as a certificate, is generated from a token and a claim at a particular computing resource, such as an agent operating on a virtual machine. In another example, a signed version of the certificate can be stored and verified at the virtual machine. By generating certificates at such particular computing resources, the computing resource can verify a person's credentials using a secure single sign-on flow without requiring the person to provide credentials multiple times.