
A Method of Enhancing the Security of Single Sign-on Using Digital Certificate

A single sign-on and digital certificate technology, applied in the network field, that addresses problems such as fraudulent use of tickets and improves security.

Active Publication Date: 2022-03-29
KOAL SOFTWARE CO LTD

AI Technical Summary

Problems solved by technology

[0005] However, both the master ticket (login ticket) and the secondary ticket (application ticket) can be copied and used by an attacker.


Embodiment Construction

[0035] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0036] A method for enhancing single sign-on security by using a digital certificate, comprising the following steps:

[0037] Step 1: Before the single sign-on, the client generates a temporary asymmetric key pair locally;

[0038] Step 2: See Figure 1. The client submits the client ID, the user authentication information, and the public key of the temporary asymmetric key pair generated in step 1 to the single sign-on server, and uses the private key of that key pair to sign the submitted client ID and user authentication information, forming the login information;

[0039] Step 3: The single sign-on server verifies the login information in step 2 and obtains the user ID. After successful verification, it extracts the public key pair from the pair of temporary asym...
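Steps 1 and 2 above, together with the signature check the server performs at the start of step 3, as an added example that is not code from the patent or from its owner. Ed25519, the JSON encoding of the signed fields, and all type, field and function names are assumptions; the patent text only says "asymmetric key pair".

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// LoginInfo is the step 2 message. Field names are assumptions, not from the patent.
type LoginInfo struct {
	ClientID, UserAuth   string
	PublicKey, Signature []byte
}

// signedBytes encodes the two signed fields unambiguously (JSON array; an assumption).
func signedBytes(clientID, userAuth string) []byte {
	b, _ := json.Marshal([]string{clientID, userAuth})
	return b
}

// BuildLogin runs steps 1 and 2 on the client: generate a temporary key pair,
// then sign the client ID and user authentication information with its private key.
func BuildLogin(clientID, userAuth string) (LoginInfo, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return LoginInfo{}, nil, err
	}
	sig := ed25519.Sign(priv, signedBytes(clientID, userAuth))
	return LoginInfo{clientID, userAuth, pub, sig}, priv, nil
}

// VerifyLogin is the server-side signature check against the submitted public key.
func VerifyLogin(li LoginInfo) error {
	if len(li.PublicKey) != ed25519.PublicKeySize {
		return errors.New("malformed public key") // Verify would panic on a bad length
	}
	if !ed25519.Verify(li.PublicKey, signedBytes(li.ClientID, li.UserAuth), li.Signature) {
		return errors.New("signature does not match submitted fields and key")
	}
	return nil
}

func main() {
	li, _, _ := BuildLogin("client-01", "alice:constructed-credential") // constructed sample
	fmt.Println("genuine:", VerifyLogin(li))
	li.UserAuth = "mallory:constructed-credential" // fields altered after signing
	fmt.Println("altered:", VerifyLogin(li))
}
```

This check alone accepts an identical replay of a captured login message; the visible text does not say how freshness is handled, so a deployment would need to account for that separately.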


Abstract

The invention discloses a method for enhancing the security of single sign-on by using digital certificates. Public and private keys and digital certificates replace the one master ticket (login ticket) and N slave tickets (application tickets) used in the single sign-on process. Digital certificates together with asymmetric keys are used to verify whether the client is entitled to hold a given piece of information, so that an application can verify whether the client is entitled to hold these tickets even when a single sign-on ticket has been hijacked or obtained illegally. This makes the tickets in this solution non-replicable, which greatly improves the security of single sign-on.

Description

Technical field

[0001] The invention relates to the field of network technology, in particular to a method for enhancing single sign-on security by using digital certificates.

Background technique

[0002] Common single sign-on (SSO) protocols (such as OAuth2, CAS, etc.) use tickets (Token or Ticket) as login credentials.

[0003] During the single sign-on process, there are 1+N tickets between the client, the SSO server and each application service. The ticket used with the SSO server can be called the master ticket (or login ticket). For example, in the CAS protocol, the client holds a cookie named TGC to identify its own logged-in status, while in the OAuth2 protocol, WebSession cookies are generally used to identify the logged-in status.

[0004] When the client accesses the application, it will use a slave ticket (also called application ticket) issued by the SSO server, which is called ST (Service Ticket) in the CAS protocol and defined as Ticket in the OAuth2 p...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L9/32
CPC: H04L63/0815, H04L63/0823, H04L63/0442, H04L9/3247
Inventor: 陈磊掌晓愚高冬其张启涛
Owner: KOAL SOFTWARE CO LTD