To increase the security of information systems, the authentication of users by identifier/password pair is increasingly often being replaced with the use of a security device comprising cryptography means such as a chip card or a USB key containing cryptographic certificates.
An application using such a device systematically triggers a prior authentication step to verify that the current user is the legitimate user of the security device. This authentication step is conventionally carried out by requesting at least one secret from the current user, a secret known only to the legitimate user and to the security device. This secret is a password or an identification code known in the literature as a “Personal Identification Number” or “PIN code”.
Thus, if several applications use the security device, the user is required to authenticate himself separately for each application, which multiplies the number of times the secret has to be input and therefore the risk of its interception by a third party.
Within the framework of applications whose access is controlled by an identifier/password pair, there exist methods and systems for sharing passwords across applications, generically called “Single Sign-On” or SSO (single identification).
Conventionally, there exist two types of SSO operation.
The first type consists of a centralized functionality which intercepts the authentication requests at the level of the server or servers and transforms them so that the user does not need to authenticate himself several times.
The second type consists of a functionality which executes on the user's station and which fills in the identifier/password fields on behalf of the user. Thus, each appearance on the screen of an identifier/password request window is detected and the fields are filled in before the user has even noticed the window.
By way of example, the product CA eTrust Siteminder from the company Computer Associates is of the first type, whereas the product CA eTrust SSO from the same company is of the second type.
It is therefore understood that, for the user, the use of a security device appears, from an ergonomic standpoint, to be a retrograde step with respect to the SSO solutions.