Single sign-on system and single sign-on method for a web site and recording medium
First Claim
1. A single sign-on system for a web site, comprising:
- an user authentication proxy unit between a user terminal and a web server for performing user authentication operations required for the web site, said user terminal accessing the web server over the Internet, wherein said user authentication proxy unit comprises means for recording data required for performing user authentication operations, and wherein said user authentication proxy unit performs user authentication operations for the web site specified by the user terminal to reduce user authentication operations on the user terminal.
2 Assignments
0 Petitions
Accused Products
Abstract
A user authentication proxy 2 provided between a user terminal 1 and a web server 4 saves therein information associated with a sequence of user authentication processes between the user terminal and a web server performed by a user. This information includes a web site URL, data received by the user terminal from the web server for user authentication, and data sent by the user terminal to the web server for user authentication. When the user specifies the URL of a web site from any user terminal, the proxy compares data on the URL received from the web server specified by the URL with received data saved in the proxy. If they match, the proxy does not send the data from the web server to the user terminal but sends user authentication operation sending data to the web server on behalf of the user terminal.
134 Citations
10 Claims
-
1. A single sign-on system for a web site, comprising:
-
an user authentication proxy unit between a user terminal and a web server for performing user authentication operations required for the web site, said user terminal accessing the web server over the Internet, wherein said user authentication proxy unit comprises means for recording data required for performing user authentication operations, and wherein said user authentication proxy unit performs user authentication operations for the web site specified by the user terminal to reduce user authentication operations on the user terminal. - View Dependent Claims (2)
-
-
3. A single sign-on system for a web site, comprising:
-
a user authentication proxy unit between a user terminal and a web server, said user terminal accessing the web server over the Internet, wherein said user authentication proxy unit comprises;
means for saving information in storage means for use as information associated with a sequence of user authentication processes executed by a user between the user terminal and the web server over the Internet, said information being a combination of three data pieces, that is, a URL (Uniform Resource Locator) of a web site, data received by the user terminal from the web server for user authentication, and data sent by the user terminal to the web server for user authentication; and
means for sending a connection request to the web server specified by the URL when the user uses any user terminal to specify the URL of the web site, for comparing, when data on the URL is received from the web server, the received data with data saved in advance in said storage means, and, if a match is found, for sending user authentication sending data saved in advance in the storage means to the web server on behalf of the user terminal instead of transferring to the user terminal the data received from the web server.
-
-
4. A user authentication proxy unit provided between a user terminal and a web server, said user terminal accessing the web server over the Internet, comprising:
-
means for saving information in storage means for use as information associated with a sequence of user authentication processes executed by a user between the user terminal and the web server over the Internet, said information being a combination of three data pieces, that is, a URL (Uniform Resource Locator) of a web site, data received by the user terminal from the web server for user authentication, and data sent by the user terminal to the web server for user authentication; and
means for sending a connection request to the web server specified by the URL when the user uses any user terminal to specify the URL of the web site, for comparing, when data on the URL is received from the web server, the received data with data saved in advance in said storage means, and, if a match is found, for sending user authentication sending data saved in advance in the storage means to the web server on behalf of the user terminal instead of transferring to the user terminal the data received from the web server.
-
-
5. A user authentication proxy unit provided between a user terminal and a web server, said user terminal accessing the web server over the Internet, comprising:
-
a storage unit which comprises;
a proxy user authentication data storage unit that stores therein a user identifier uniquely identifying a user and a password, said user identifier and said password being required for confirming that the user using said user authentication proxy unit is an authorized user; and
a web site user authentication data storage unit that stores therein combinations of data, each of said combinations being composed of a user identifier uniquely identifying a user, a URL of a web site, data received by the user terminal from the web server for user authentication, and data sent by the user terminal to the web server for user authentication, proxy user authenticating means for authenticating, using data saved in said proxy user authentication data storage unit, whether the user is an authorized user of said user authentication proxy unit;
URL saving means for saving a combination of the URL of the web site and the user identifier in said web site user authentication data storage unit, said web site being a web site for which a user has asked said user authentication proxy unit to perform user authentication operations, said user identifier uniquely identifying the user;
received data saving means for saving the data, received by the user terminal from the web server for user authentication, into said web site user authentication data storage unit;
sending data saving means for saving the data, sent by said user terminal to the web server for user authentication, into said web site user authentication data storage unit;
URL comparing means for comparing a URL specified by the user on the user terminal with the URL saved in the web site user authentication data storage unit to determine if the URL specified by the user is the one for which said proxy user authentication unit is to perform user authentication operations;
received data comparing means for comparing data received from the web server to which a connection is made using the URL specified by the user with the received data saved in said web site user authentication data storage unit; and
surrogate authentication operation data sending means which, if said web site user authentication data storage unit stores therein a matching combination of the user identifier, URL, and received data from the web server, judges that user authentication operations may be performed on behalf of the user terminal, obtains corresponding sending data from said web site user authentication data storage unit for performing user authentication operations, and sends the obtained data to the web server.
-
-
6. A method for performing user authentication operations for a web site on behalf of a user,
wherein a user authentication proxy unit is provided between a user terminal and a web server for performing user authentication operations required for the web site, said user terminal accessing the web server over the Internet, wherein said user authentication proxy unit records data required for performing user authentication operations, and wherein said user authentication proxy unit performs user authentication operations for the web site, whose URL is specified by the user, regardless of a type of the user terminal.
-
8. A method for performing user authentication operations for a web site on behalf of a user, wherein a user authentication proxy unit is provided between a user terminal and a web server, said user terminal accessing the web server over the Internet, said method comprising the steps of:
-
saving information in storage means for use as information associated with a sequence of user authentication processes executed by a user between the user terminal and the web server over the Internet, said information being a combination of three data pieces, that is, a URL (Uniform Resource Locator) of a web site, data received by the user terminal from the web server for user authentication, and data sent by the user terminal to the web server for user authentication;
sending a connection request to the web server specified by the URL when the user uses any user terminal to specify the URL of the web site;
when data on the URL is received from the web server, comparing the received data with data saved in advance in said storage means and, if a match is found, sending user authentication sending data saved in advance in the storage means to the web server on behalf of the user terminal instead of transferring to the user terminal the data received from the web server.
-
-
9. A recording medium storing thereon a program for use on a user authentication proxy unit provided between a user terminal and a web server, said user terminal accessing the web server over the Internet, said program causing a computer on the user authentication proxy unit to:
-
(a) save information in storage means for use as information associated with a sequence of user authentication processes executed by a user between the user terminal and the web server over the Internet, said information being a combination of three data pieces, that is, a URL (Uniform Resource Locator) of a web site, data received by the user terminal from the web server for user authentication, and data sent by the user terminal to the web server for user authentication; and
(b) send a connection request to the web server specified by the URL when the user uses any user terminal to specify the URL of the web site, compare, when data on the URL is received from the web server, the received data with data saved in advance in said storage means, and, if a match is found, send user authentication sending data saved in advance in the storage means to the web server on behalf of the user terminal instead of transferring to the user terminal the data received from the web server.
-
-
10. A recording medium storing thereon a program for use on a user authentication proxy unit provided between a user terminal and a web server, said user terminal accessing the web server over the Internet, said user authentication proxy unit comprising:
-
a proxy user authentication data storage unit that stores therein a user identifier uniquely identifying a user and a password, said user identifier and said password being required for confirming that the user using said user authentication proxy unit is an authorized user; and
a web site user authentication data storage unit that stores therein combinations of data, each of said combinations being composed of a user identifier uniquely identifying a user, a URL of a web site, data received by the user terminal from the web server for user authentication, and data sent by the user terminal to the web server for user authentication, said program causing a computer on the user authentication proxy unit to;
(a) authenticate, using data saved in said proxy user authentication data storage unit, whether the user is an authorized user of said user authentication proxy unit;
(b) save a combination of the URL of the web site and the user identifier in said web site user authentication data storage unit, said web site being a web site for which a user has asked said user authentication proxy unit to perform user authentication operations, said user identifier uniquely identifying the user;
(c) save the data, received by the user terminal from the web server for user authentication, into said web site user authentication data storage unit;
(d) save the data, sent by said user terminal to the web server for user authentication, into said web site user authentication data storage unit;
(e) compare a URL specified by the user on the user terminal with the URL saved in the web site user authentication data storage unit to determine if the URL specified by the user is the one for which said proxy user authentication unit is to perform user authentication operations;
(f) compare data received from the web server to which a connection is made using the URL specified by the user with the received data saved in said web site user authentication data storage unit; and
(g) if said web site user authentication data storage unit stores therein a matching combination of the user identifier, URL, and received data from the web server, judge that user authentication operations may be performed on behalf of the user terminal, obtain sending data required for performing user authentication operations on behalf of the user terminal from said web site user authentication data storage unit, and send the obtained data to the web server.
-
Specification