Traditionally, access to applications and other resources available on a system or over a computer network has been controlled by requiring a user attempting to access the application or resource to provide authenticating information to the system prior to being granted access. While requiring the user to provide authentication for a resource worked adequately in situations where only a single resource was being requested, it still often required the user to authenticate twice: first for access to the system/network and then a second time for the requested resource. As the authentication information for the resource was often different from that for the system (e.g., the system may require a first user ID/password combination from the user while the resource requires a second and different user ID/password combination), the requirement of providing the information was often felt to be aggravating or burdensome for the user. Additionally, as the number of secure resources requiring authentication that were available on the system or over the network increased, the number of authentication attempts required of the user also increased, thereby resulting in a corresponding increase in the user's aggravation due to the increased number of authentications.
In response to user dislike for frequent authentications, the concept of the single sign-on system was developed. In a single sign-on system, a password manager (a software application/agent/process/etc.) running on the network or system is responsible for providing user credentials to secure applications. The user credentials for a particular user are usually stored in encrypted form in a location accessible to the password manager after being encrypted using a cryptographic key associated with the user. Requests by an authenticated user to access a secure application which require a user credential are intercepted by the password manager.
FIG. 1 (prior art) depicts the sequence of steps followed by conventional single sign-on systems to decrypt a user credential in response to a request for a secure resource. The sequence begins when the user authenticates to the system or network (step 200). The authentication frequently takes the form of entering a User ID and domain password. A cryptographic key is generated (step 202) and associated with the user's authentication information. The cryptographic key is used to encrypt a user credential for a secure resource (step 204). The cryptographic key is then stored. Subsequently a user requests access to a secure resource requiring the encrypted user credential (step 206). An agent/process for the single sign-on system identifies the request and retrieves the cryptographic key associated with the user's authentication information (step 208). It is this retrieval step that fails if the authentication information has changed since the user credential was originally encrypted and that requires system administrator assistance. The storing of the intact cryptographic key also represents a distinct security threat as it is subject to misappropriation by malicious users on the system/network. Assuming a successful retrieval, the encrypted user credential is then decrypted using the cryptographic key (step 210) and the decrypted user credential is supplied to the secure resource (step 212).
The single sign-on concept thus allows the user to access secure applications or resources without having to re-authenticate with each request, while still securely encrypting the credentials required to access those secure applications.
Unfortunately, conventional single sign-on systems do not work well in the event a user changes the authentication information that was provided to the system/network during the user's initial log-on. For example, if a user has changed a password as a result of forgetting the old password, the password manager will often not be able to find the right cryptographic key associated with the user. Without the proper cryptographic key, the user credentials necessary to access the requested secure resource cannot be decrypted, and the user's request to access the secure resource fails. A system administrator is then required to decrypt the required user credential and update the cryptographic key and/or the information reviewed by the password manager. Additionally, the storing of an intact cryptographic key associated with the user represents a security vulnerability, as the key could be stolen by malicious entities, thereby exposing the user's credentials.
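As an added illustration that is not part of the patent text, the following Python model walks the FIG. 1 sequence (steps 200 to 212) and reproduces the failure described above: the key is stored intact and indexed by a fingerprint of the user's login information (the association mechanism is an assumption of this model), so a password change leaves the stored key unreachable. The HMAC-SHA256 counter-mode cipher is a stand-in for a real symmetric cipher; all sample values are constructed.

```python
import hashlib
import hmac
import secrets

# Model of the conventional password manager's key store (FIG. 1).
# The cryptographic key is kept intact, indexed by a fingerprint of the
# user's authentication information; both properties are what the text
# criticises (key theft risk, and lookup failure after a password change).
KEY_STORE = {}


def auth_fingerprint(user_id: str, password: str) -> str:
    """Index under which the key is associated with the login info (assumed)."""
    return hashlib.sha256(f"{user_id}:{password}".encode()).hexdigest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy HMAC-SHA256 counter-mode stream cipher; stand-in for real AES."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        pad = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def enroll(user_id: str, password: str, credential: bytes) -> bytes:
    """Steps 200-204: log on, generate a key, encrypt the credential, store the key."""
    key = secrets.token_bytes(32)                                   # step 202
    KEY_STORE[(user_id, auth_fingerprint(user_id, password))] = key  # stored intact
    nonce = secrets.token_bytes(16)
    return nonce + _keystream_xor(key, nonce, credential)           # step 204


def fetch_credential(user_id: str, password: str, blob: bytes) -> bytes:
    """Steps 206-212: locate the key by the current login info, then decrypt."""
    try:
        key = KEY_STORE[(user_id, auth_fingerprint(user_id, password))]  # step 208
    except KeyError:
        raise LookupError("no key for current login info; administrator needed")
    nonce, body = blob[:16], blob[16:]
    return _keystream_xor(key, nonce, body)                         # step 210


def demo() -> tuple:
    """Credential round-trips with the original password; fails after a change."""
    blob = enroll("alice", "old-pass", b"app-user:app-secret")  # constructed sample
    recovered = fetch_credential("alice", "old-pass", blob)
    try:
        fetch_credential("alice", "new-pass", blob)
        failed_after_change = False
    except LookupError:
        failed_after_change = True
    return recovered, failed_after_change
```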