Secure identity federation for non-federated systems

US 10,333,941 B2
Filed: 10/23/2017
Issued: 06/25/2019
Est. Priority Date: 10/01/2004
Status: Active Grant

First Claim

Patent Images

1. A method for single sign-on (SSO) to access services provided by non-federated systems, the method including:

storing a set of credentials to enable user access to the services for a plurality of remote computer applications in a repository remote from the user, the services provided by the non-federated systems do not share a common identity verification protocol;

receiving a request to access one of the services by an authenticated user; and

supplying the requested service with a credential of the authenticated user to enable the authenticated user to access the service in response to determining that an account associated with the requested service is authorized to act on behalf of the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user'"'"'s credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.

Citations

21 Claims

1. A method for single sign-on (SSO) to access services provided by non-federated systems, the method including:
- storing a set of credentials to enable user access to the services for a plurality of remote computer applications in a repository remote from the user, the services provided by the non-federated systems do not share a common identity verification protocol;
  
  receiving a request to access one of the services by an authenticated user; and
  
  supplying the requested service with a credential of the authenticated user to enable the authenticated user to access the service in response to determining that an account associated with the requested service is authorized to act on behalf of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - receiving at least one of the set of credentials that enable user access to at least one of the services from a user or an administrator.
  - 3. The method of claim 1, further comprising:
    - receiving configuration from the user or an administrator specifying a degree of authorization for the service associated with a credential in the set of credentials.
  - 4. The method of claim 1, wherein the service is provided by an entity separate from the user and an authenticator.
  - 5. The method of claim 1, wherein a credential that enables access to the service enables access to a group of users including the user.
  - 6. The method of claim 1, further comprising:
    - authenticating the user by verifying a user input credential for another service.
  - 7. The method of claim 1, further comprising:
    - providing the credential to enable user access to the service via a hyper text transfer protocol.

8. A non-transitory computer readable medium storing a plurality of instructions to cause one or more processors to perform a set of operations for single sign-on (SSO) to access services provided by non-federated systems the set of operations comprising:
- storing a set of credentials to enable user access to the services for a plurality of remote computer applications in a repository remote from the user, the services provided by the non-federated systems do not share a common identity verification protocol;
  
  receiving a request to access one of the services by an authenticated user; and
  
  supplying the requested service with a credential of the authenticated user to enable the authenticated user to access the service in response to determining that an account associated with the requested service is authorized to act on behalf of the user.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer readable medium of claim 8, having further instructions stored therein, which when executed cause the one or more processors to perform operations further comprising:
    - receiving at least one of the set of credentials that enable user access to at least one of the services from a user or an administrator.
  - 10. The non-transitory computer readable medium of claim 8, having further instructions stored therein, which when executed cause the one or more processors to perform operations further comprising:
    - receiving configuration from the user or an administrator specifying a degree of authorization for the service associated with a credential in the set of credentials.
  - 11. The non-transitory computer readable medium of claim 8, wherein the service is provided by an entity separate from the user and an authenticator.
  - 12. The non-transitory computer readable medium of claim 8, wherein a credential that enables access to the service enables access to a group of users including the user.
  - 13. The non-transitory computer readable medium of claim 8, having further instructions stored therein, which when executed cause the one or more processors to perform operations further comprising:
    - authenticating the user by verifying a user input credential for another service.
  - 14. The non-transitory computer readable medium of claim 8, having further instructions stored therein, which when executed cause the one or more processors to perform operations further comprising:
    - providing the credential to enable user access to the service via a hyper text transfer protocol.

15. A computer system configured to perform a set of operations for single sign-on (SSO) to access services provided by non-federated systems, the computer system comprising:
- a non-transitory computer readable medium having stored therein an intermediate service; and
  
  at least one processor, the at least one processor to execute the intermediate service, the intermediate service to store a set of credentials to enable user access to the services for a plurality of remote computer applications in a repository remote from the user, the services provided by the non-federated systems do not share a common identity verification protocol, to receive a request to access one of the services by an authenticated user, and to supply the requested service with a credential of the authenticated user to enable the authenticated user to access the service in response to determining that an account associated with the requested service is authorized to act on behalf of the user.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer system of claim 15, wherein the intermediate service is further to receive at least one of the set of credentials that enable user access to at least one of the services from a user or an administrator.
  - 17. The computer system of claim 15, wherein the intermediate service is further to receive configuration from the user or an administrator specifying a degree of authorization for the service associated with a credential in the set of credentials.
  - 18. The computer system of claim 15, wherein the service is provided by an entity separate from the user and an authenticator.
  - 19. The computer system of claim 15, wherein a credential that enables access to the service enables access to a group of users including the user.
  - 20. The computer system of claim 15, wherein the intermediate service authenticates the user by verifying a user input credential for another service.
  - 21. The computer system of claim 15, wherein the intermediate service is further to providing the credential to enable user access to the service via a hyper text transfer protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Boulos, Thomas Nabiel, Behera, Prasanta Kumar
Primary Examiner(s)
McNally, Michael S

Application Number

US15/790,909
Publication Number

US 20180248883A1
Time in Patent Office

610 Days
Field of Search

726 1
US Class Current
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/33   using certificates

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/306   User profiles

H04L 69/329   in the application layer [O...

Secure identity federation for non-federated systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Secure identity federation for non-federated systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links