Log-on service providing credential level change without loss of session continuity
US6609198B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 5, 1999 |
| Grant date | Aug 19, 2003 |
| Priority date | — |
| Expiry date | Aug 5, 2019 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/2113
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient. The security architecture allows upgrade of credentials for a given session. This capability is particularly advantageous in the context of a single, enterprise-wide log-on. An entity (e.g., a user or an application) may initially log on with a credential suitable for one or more resources in an initial resource set, but then require access to a resource requiring authentication at higher trust le…
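The trust-level check and in-session credential upgrade described in the abstract can be sketched as follows. This is an added example, not code from the patent; the scheme names' numeric levels, the resource paths, the same-principal rule and the no-downgrade rule are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample policy (assumption): scheme -> trust level, resource -> required level.
SCHEME_TRUST = {"password": 1, "certificate": 2, "smart_card": 3}
RESOURCE_TRUST = {"/intranet/news": 1, "/hr/payroll": 2, "/finance/wire": 3}


@dataclass
class Session:
    session_id: str = field(default_factory=lambda: secrets.token_hex(16))
    principal: Optional[str] = None
    trust_level: int = 0
    state: dict = field(default_factory=dict)  # application state that must survive an upgrade


def authenticate(session, principal, scheme, verified):
    """Record a successful log-on. `verified` stands in for the real credential check."""
    level = SCHEME_TRUST.get(scheme)
    if level is None or not verified:
        return False
    # Assumption: an upgrade must be for the same principal, so the session never changes hands.
    if session.principal not in (None, principal):
        return False
    session.principal = principal
    # Assumption: a later, weaker log-on never lowers the level already reached.
    session.trust_level = max(session.trust_level, level)
    return True


def authorize(session, resource):
    """Return ("grant", []), ("deny", []) or ("step_up", [schemes that would suffice])."""
    required = RESOURCE_TRUST.get(resource)
    if required is None:
        return ("deny", [])  # unknown resource: fail closed
    if session.trust_level >= required:
        return ("grant", [])  # level already sufficient, no further credentials requested
    sufficient = sorted(s for s, lvl in SCHEME_TRUST.items() if lvl >= required)
    return ("step_up", sufficient)
```

The upgrade mutates the existing session object, so the session identifier and accumulated state are unchanged after a step-up.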
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.