Centralized single sign-on method and system for a client-server environment
First Claim
1. A method for transparent sign-on in a client-server environment, the method comprising the steps of:
receiving an encrypted communication on an originating server from a client, the client using a browser;
creating a challenge at the originating server;
sending an encrypted communication to a central sign-on server from the originating server;
receiving an encrypted communication on the originating server from the central sign-on server, wherein the communication received on the originating server includes a response to the communication sent to the central sign-on server;
updating a client session on the originating server; and
sending another encrypted communication to the central sign-on server from the originating server.
Abstract
The present invention generally relates to the field of secure centralized single sign-on and session maintenance for web servers on the Internet. In a preferred implementation, a single sign-on protocol for use by web servers is independent of the actual authentication mechanism used by any of the individual web servers accessed by the user. Users authenticate themselves with any one of a group of federated servers so that a user does not need to be re-authenticated by other servers in the federation. In a preferred implementation there is also a centralized server that provides for the transparent sign-on, session management, and session termination within each server in the federation of servers, and each federated server communicates with the central sign-on server.
48 Claims
1. A method for transparent sign-on in a client-server environment, the method comprising the steps of:
receiving an encrypted communication on an originating server from a client, the client using a browser;
creating a challenge at the originating server;
sending an encrypted communication to a central sign-on server from the originating server;
receiving an encrypted communication on the originating server from the central sign-on server, wherein the communication received on the originating server includes a response to the communication sent to the central sign-on server;
updating a client session on the originating server; and
sending another encrypted communication to the central sign-on server from the originating server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 27, 28, 29, 30, 31

12. A method for transparent sign-on in a client-server environment, the method comprising the steps of:
receiving an encrypted communication on a central sign-on server, wherein the communication is from a web server;
recognizing a client on the central sign-on server;
sending an encrypted communication to the web server from the central sign-on server; and
receiving another encrypted communication on the central sign-on server from the web server.

26. A method for session maintenance in a transparent sign-on client-server environment, the method comprising the steps of:
running a session freshening task for sessions on a web server;
sending an encrypted communication to a central sign-on server from the web server; and
recognizing a session on the central sign-on server.

32. A method for session maintenance in a transparent sign-on client-server environment, the method comprising the steps of:
recognizing a client on a web server;
terminating a client session on the web server;
sending an encrypted message to a central sign-on server;
recognizing the client on the central sign-on server;
updating a record of a session associated with the client;
sending an encrypted communication to a second web server, the second web server having a current local session associated with the client; and
terminating a local session associated with the client at the second web server.
Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40

41. A system for secure single sign-on in a client-server environment, the system comprising:
a server, the server configured to communicate with a client;
a central sign-on server, the central sign-on server configured to communicate with the client and the server; and
means for identifying the client on the central sign-on server.
Dependent claims: 42, 43, 44, 45, 46, 47, 48
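The abstract and the independent claims above describe one protocol from two sides: a web server that receives a client request, creates a challenge and consults the central sign-on server (claim 1); the central server that recognizes the client and answers (claim 12); a periodic session-freshening task (claim 26); and single logout, where the central server's session record is used to terminate the client's local sessions on the other federated servers (claim 32). The following simulation is an added example written for this page, not code from the patent or any product implementing it. It assumes in-memory objects in place of network hosts, a shared per-server key provisioned out of band, and HMAC-signed dictionaries as a stand-in for the claims' "encrypted communications" (a deployment would carry these over TLS); the class names, message fields and the `login` helper are all constructed for the illustration.

```python
"""Federated single sign-on with a central sign-on server (constructed simulation)."""
import hashlib
import hmac
import secrets
import time


def _sign(key: bytes, msg: dict) -> str:
    # Deterministic MAC over the message fields; stands in for an encrypted channel.
    payload = "|".join(f"{k}={msg[k]}" for k in sorted(msg)).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class CentralSignOnServer:
    def __init__(self, session_ttl=300):
        self.keys = {}      # server name -> shared key (assumed provisioned out of band)
        self.servers = {}   # server name -> WebServer object (transport stand-in)
        self.sessions = {}  # sso token -> {"user", "expires", "servers": set of names}
        self.ttl = session_ttl

    def register(self, server):
        self.keys[server.name] = server.key
        self.servers[server.name] = server

    def _check(self, msg):  # verify a message from a federated web server
        mac = msg.pop("mac")
        if not hmac.compare_digest(mac, _sign(self.keys[msg["from"]], msg)):
            raise ValueError("bad MAC from %s" % msg["from"])
        return msg

    def _reply(self, name, msg):  # sign a message addressed to web server `name`
        msg["from"] = "central"
        msg["mac"] = _sign(self.keys[name], msg)
        return msg

    def login(self, user):  # the user authenticates once with the federation
        token = secrets.token_hex(16)
        self.sessions[token] = {"user": user, "expires": time.time() + self.ttl, "servers": set()}
        return token

    def verify(self, msg):  # claim 12: recognize the client, answer the web server's challenge
        msg = self._check(msg)
        rec = self.sessions.get(msg["token"])
        user = None
        if rec is not None and rec["expires"] >= time.time():
            rec["servers"].add(msg["from"])  # remember where local sessions exist (for logout)
            user = rec["user"]
        return self._reply(msg["from"], {"challenge": msg["challenge"], "user": user})

    def ack(self, msg):  # final message of claim 1
        self._check(msg)

    def freshen(self, msg):  # claim 26: extend a recognized session, refuse an expired one
        msg = self._check(msg)
        rec = self.sessions.get(msg["token"])
        if rec is None or rec["expires"] < time.time():
            return False
        rec["expires"] = time.time() + self.ttl
        return True

    def logout(self, msg):  # claim 32: update the record, then terminate the other local sessions
        msg = self._check(msg)
        rec = self.sessions.pop(msg["token"], None)
        if rec is None:
            return
        for name in rec["servers"] - {msg["from"]}:
            self.servers[name].terminate(self._reply(name, {"op": "terminate", "token": msg["token"]}))


class WebServer:
    def __init__(self, name, central):
        self.name, self.central = name, central
        self.key = secrets.token_bytes(32)
        self.local = {}  # sso token -> user, the server's own session store
        central.register(self)

    def _send(self, msg):
        msg["from"] = self.name
        msg["mac"] = _sign(self.key, msg)
        return msg

    def _recv(self, reply):
        mac = reply.pop("mac")
        if not hmac.compare_digest(mac, _sign(self.key, reply)):
            raise ValueError("bad MAC from central")
        return reply

    def request(self, token):  # claim 1: client request -> challenge -> central server -> local session
        if token in self.local:
            return self.local[token]
        challenge = secrets.token_hex(8)
        reply = self._recv(self.central.verify(self._send({"op": "verify", "token": token, "challenge": challenge})))
        if reply["challenge"] != challenge or reply["user"] is None:
            return None  # unknown or expired token: the caller must authenticate the user
        self.local[token] = reply["user"]
        self.central.ack(self._send({"op": "ack", "token": token}))
        return reply["user"]

    def freshen(self):  # claim 26: drop local sessions the central server no longer recognizes
        for token in list(self.local):
            if not self.central.freshen(self._send({"op": "freshen", "token": token})):
                del self.local[token]

    def logout(self, token):  # claim 32, first web server
        self.local.pop(token, None)
        self.central.logout(self._send({"op": "logout", "token": token}))

    def terminate(self, msg):  # claim 32, second web server
        self.local.pop(self._recv(msg)["token"], None)


def demo():
    central = CentralSignOnServer(session_ttl=300)
    a, b = WebServer("app-a", central), WebServer("app-b", central)
    token = central.login("alice")
    r = {"a_user": a.request(token), "b_user": b.request(token), "bogus": a.request("not-a-token")}
    a.freshen(); b.freshen()
    r["fresh"] = token in a.local and token in b.local
    a.logout(token)  # single logout: app-b's local session is terminated via the central record
    r["after_logout"] = (token in a.local, token in b.local, token in central.sessions)
    r["b_after"] = b.request(token)
    expired = CentralSignOnServer(session_ttl=-1)  # already-expired session is refused
    r["expired"] = WebServer("app-c", expired).request(expired.login("bob"))
    return r
```

`demo()` walks through the four claimed flows: the second server admits the client without re-authentication, freshening keeps both local sessions alive, logout at one server clears the session everywhere, and an expired central record is refused. The central record of which servers hold a local session is what makes single logout possible; without it the central server could not know which second servers to notify.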