
Protecting sensitive information in single sign-on (SSO) to the cloud


Abstract

A method to protect sensitive information during a single sign-on (SSO) process flow initiated from a client and directed to an authorization server configured to issue an access token upon verification of a credential. The technique leverages a first proxy that monitors a packet flow issued from the authorization server, and a second proxy that monitors a redirect packet flow issued from the client (in response to the packet flow). A message that includes the access token is modified by the first proxy to include a data string, and the modified message is delivered to the client; concurrently, the first proxy provides the data string/access token pair to the second proxy. When the client receives the modified message, it issues a response (that includes the data string) back to a resource server. As the response traverses the second proxy, it removes the data string and re-inserts the access token, and the resulting modified response is forwarded to the resource server.
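The token substitution described in the abstract, sketched as an added example (not code from the patent or its applicant). It assumes the token travels as an `access_token` query parameter in the redirect URL and that the two proxies share an in-memory store; the single-use and expiry checks are likewise assumptions, not details stated in the abstract.

```python
import secrets
import time
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

PARAM = "access_token"   # assumed name of the parameter carrying the token
TTL_SECONDS = 60         # assumed lifetime of a data string/token pair


class PairStore:
    """Channel through which the first proxy gives pairs to the second proxy."""

    def __init__(self):
        self._pairs = {}

    def put(self, data_string, token):
        self._pairs[data_string] = (token, time.time() + TTL_SECONDS)

    def take(self, data_string):
        # Pop the pair so a captured data string cannot be redeemed twice.
        token, expires = self._pairs.pop(data_string, (None, 0.0))
        return token if token is not None and time.time() <= expires else None


def _swap(url, fn):
    """Apply fn to the PARAM value in the URL query and return the new URL."""
    parts = urlsplit(url)
    query = [(k, fn(v) if k == PARAM else v) for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def first_proxy(redirect_url, store):
    """Authorization server to client: put a random data string in place of the token."""
    def hide(token):
        data_string = secrets.token_urlsafe(32)
        store.put(data_string, token)
        return data_string
    return _swap(redirect_url, hide)


def second_proxy(request_url, store):
    """Client to resource server: remove the data string and re-insert the token."""
    def reveal(data_string):
        token = store.take(data_string)
        if token is None:
            raise PermissionError("unknown, expired or reused data string")
        return token
    return _swap(request_url, reveal)
```

The client only ever handles the value returned by `first_proxy`, so a compromised client or an observer on the client side of the proxies obtains the data string and not the access token.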

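Bibliographic details

  • Publication number: US11044236B2

  • Patent type:

  • Publication date: 2021-06-22

  • Original format: PDF

  • Applicant/patentee: INTERNATIONAL BUSINESS MACHINES CORPORATION

  • Application number: US201916295090

  • Inventor: LEONID RODNIANSKY

  • Filing date: 2019-03-07

  • Classification: H04L29/06

  • Country: US

  • Database entry time: 2022-08-24 19:28:16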
