System and method for single sign-on session management without central server
First Claim
1. A computer server configured for single sign-on session management, the computer server comprising:
- at least one communication interface coupled to at least one protected web resource;
- one or more computer processors, operatively connected with the at least one communication interface, restricting user access to the at least one protected web resource;
- at least one plug-in module residing on the one or more computer processors and being configured to:
  - receive, from a first client device, a first request to access the at least one protected web resource, the first request comprising first user credentials;
  - determine, completely within the computer server and independent of any other server, whether the first user credentials can be authenticated;
  - when the first user credentials cannot be authenticated, deny the first request or perform further authentication;
  - when the first user credentials are authenticated, authorize the first request, create first session credentials for the first client device, and transmit the created first session credentials to the first client device;
- the at least one plug-in module being further configured to:
  - receive, from the first client device or a second client device, a second request to access the at least one protected web resource, the second request comprising the first session credentials or second session credentials; and
  - validate, completely within the computer server and independent of any other server, the received first session credentials or the received second session credentials;
  - when the received first session credentials or the received second session credentials are validated, authorize the second request, and when the received first session credentials or the received second session credentials cannot be validated, deny the second request or perform further authentication.
Abstract
A method and system for single sign-on session management. Functions of session management and client log-in, normally handled by separate system servers, are incorporated as plug-in modules on individual web content servers. In this manner, network traffic to grant and validate client user credentials is reduced or minimized.
Claims (20 claims; independent claims 1, 11 and 20 shown)
1. A computer server configured for single sign-on session management (independent claim; full text given above under First Claim). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A computer-implemented method for single sign-on session management on a computer server, the method comprising:
- restricting, by the computer server, user access to at least one protected web resource;
- receiving, from a first client device, a first request to access the at least one protected web resource, the first request comprising first user credentials;
- determining, completely within the computer server and independent of any other server, whether the first user credentials can be authenticated;
- when the first user credentials cannot be authenticated, denying the first request or performing further authentication;
- when the first user credentials are authenticated, authorizing the first request, creating first session credentials for the first client device, and transmitting the created first session credentials to the first client device;
- receiving, from the first client device or a second client device, a second request to access the at least one protected web resource, the second request comprising the first session credentials or second session credentials; and
- validating, completely within the computer server and independent of any other server, the received first session credentials or the received second session credentials;
- when the received first session credentials or the received second session credentials are validated, authorizing the second request, and when the received first session credentials or the received second session credentials cannot be validated, denying the second request or performing further authentication.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19.
20. A non-transitory computer-readable medium comprising code for single sign-on session management, the code comprising instructions executable by a computer server to:
- restrict, by the computer server, user access to at least one protected web resource;
- receive, from a first client device, a first request to access the at least one protected web resource, the first request comprising first user credentials;
- determine, completely within the computer server and independent of any other server, whether the first user credentials can be authenticated;
- when the first user credentials cannot be authenticated, deny the first request or perform further authentication;
- when the first user credentials are authenticated, authorize the first request, create first session credentials for the first client device, and transmit the created first session credentials to the first client device;
- receive, from the first client device or a second client device, a second request to access the at least one protected web resource, the second request comprising the first session credentials or second session credentials; and
- validate, completely within the computer server and independent of any other server, the received first session credentials or the received second session credentials;
- when the received first session credentials or the received second session credentials are validated, authorize the second request, and when the received first session credentials or the received second session credentials cannot be validated, deny the second request or perform further authentication.
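The two-phase flow the independent claims describe (first request: user credentials in, session credentials out; second request: session credentials validated entirely within the same server, whoever presents them) is shown below as an added example; it is not code from the patent, which names no algorithm for the session credentials. The example assumes one way to make them self-validating without a session server: an HMAC tag computed with a per-server secret over a small payload (subject, session id, expiry). The class name `SsoPlugin`, the user store `USER_DB`, the salt and the signing key are constructed for the example; a real plug-in would read users from the web server's own account database.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the server never stores a plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed sample credential store: username -> (salt, password hash).
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed value
USER_DB = {"alice": (_SALT, _hash_password("correct horse battery staple", _SALT))}


class SsoPlugin:
    """Hypothetical plug-in module: authenticates user credentials and creates /
    validates session credentials entirely on this server, consulting no other server."""

    def __init__(self, signing_key: bytes, user_db: dict, ttl_seconds: int = 900):
        self._key = signing_key      # per-server secret; never sent to clients
        self._users = user_db
        self._ttl = ttl_seconds
        self._revoked = set()        # local revocation list of session ids

    # First request: user credentials -> session credentials (or denial).
    def authenticate(self, username: str, password: str,
                     now: Optional[float] = None) -> Optional[str]:
        record = self._users.get(username)
        if record is None:
            return None                      # unknown user: deny
        salt, expected = record
        if not hmac.compare_digest(_hash_password(password, salt), expected):
            return None                      # wrong password: deny
        now = time.time() if now is None else now
        payload = {"sub": username, "sid": secrets.token_hex(8), "exp": int(now) + self._ttl}
        body = base64.urlsafe_b64encode(
            json.dumps(payload, separators=(",", ":")).encode()).decode()
        tag = hmac.new(self._key, body.encode(), "sha256").hexdigest()
        return f"{body}.{tag}"               # session credential returned to the client

    # Second request: session credentials -> subject if valid, else None.
    # Any client device may present the token; only this server's key decides.
    def validate(self, token: str, now: Optional[float] = None) -> Optional[str]:
        try:
            body, tag = token.split(".", 1)
        except ValueError:
            return None                      # malformed
        expected = hmac.new(self._key, body.encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None                      # forged or tampered
        try:
            payload = json.loads(base64.urlsafe_b64decode(body.encode()))
        except (ValueError, UnicodeDecodeError):
            return None
        now = time.time() if now is None else now
        if payload.get("exp", 0) <= now or payload.get("sid") in self._revoked:
            return None                      # expired or logged out locally
        return payload.get("sub")

    def revoke(self, token: str, now: Optional[float] = None) -> bool:
        """Local logout: later validations of this session id are denied."""
        if self.validate(token, now) is None:
            return False
        body = token.split(".", 1)[0]
        self._revoked.add(json.loads(base64.urlsafe_b64decode(body.encode()))["sid"])
        return True


if __name__ == "__main__":
    plugin = SsoPlugin(b"constructed-per-server-key", USER_DB, ttl_seconds=60)
    token = plugin.authenticate("alice", "correct horse battery staple")
    print("first request  ->", "authorized" if token else "denied")
    print("second request ->", plugin.validate(token) or "denied")
```

Two design consequences follow from "independent of any other server": a second web server can only validate a token issued by the first if it holds the same signing key (or an equivalent verification key), so key distribution replaces session-server traffic; and logout is local, so an expiry short enough to bound the damage from a stolen token matters more here than in a design with a central session store.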
Specification