System and method for user enrollment in an e-community

US 20030115267A1
Filed: 12/19/2001
Published: 06/19/2003
Est. Priority Date: 12/19/2001
Status: Active Grant

First Claim

Patent Images

1. A method for allowing an Internet or intranet browser user to transfer directly to a domain that is participating in an e-community without repetitious and redundant authentication actions, said e-community comprising a plurality of affiliated domain servers, said user being properly registered and authenticated to a home domain server within said e-community, said method comprising the steps of:

enrolling said user at an affiliated domain through exchange of a home domain identity cookie with enrollment request and an affiliated domain identity cookie with enrollment response success indicator between said home domain server and an affiliated domain server;

vouching for the identity of the user through exchange of a vouch-for request and vouch-for response between said home domain server and an affiliated domain server;

building a local session at said affiliated domain for said user using said protected resource responsive to receipt of said vouch-for response; and

transmitting an e-community cookie from said affiliated domain server to said browser recording successful authentication of said user into said affiliated domain.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Internet user transfers directly to a domain within an e-community without returning to a home domain or re-authenticating. The user'"'"'s home domain server prepares and forwards a home domain identity cookie (DIDC) with an enrollment request to a user'"'"'s browser, with the enrollment request being redirected to an affiliated domain server in the e-community. The affiliated domain server prepares and sends an affiliated DIDC with an enrollment confirmation to the user'"'"'s browser, redirecting the enrollment confirmation to the home domain server. The home domain server modifies the home DIDC to include a symbol which indicates successful enrollment at the affiliated site. The process may be repeated for a plurality of affiliated domains to achieve automatic enrollment a portion of or an entire e-community.

196 Citations

24 Claims

1. A method for allowing an Internet or intranet browser user to transfer directly to a domain that is participating in an e-community without repetitious and redundant authentication actions, said e-community comprising a plurality of affiliated domain servers, said user being properly registered and authenticated to a home domain server within said e-community, said method comprising the steps of:
- enrolling said user at an affiliated domain through exchange of a home domain identity cookie with enrollment request and an affiliated domain identity cookie with enrollment response success indicator between said home domain server and an affiliated domain server;
  
  vouching for the identity of the user through exchange of a vouch-for request and vouch-for response between said home domain server and an affiliated domain server;
  
  building a local session at said affiliated domain for said user using said protected resource responsive to receipt of said vouch-for response; and
  
  transmitting an e-community cookie from said affiliated domain server to said browser recording successful authentication of said user into said affiliated domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as set forth in claim 1 wherein said step of enrolling the user at an affiliated domain comprises the steps of:
    - transmitting a home domain identity cookie and enrollment request by said home domain server to a user'"'"'s browser where it may be stored;
      
      redirecting said enrollment request to an affiliated domain server;
      
      transmitting an affiliated domain identity cookie with an enrollment response including an enrollment success indicator from said affiliated domain server to said user'"'"'s browser;
      
      redirecting said enrollment response with enrollment success indicator to said home domain server where it may be stored;
      
      updating a set of user information at said home domain to record enrollment success at said affiliated domain server such that there is a server-maintained persistent record of the user'"'"'s enrollment; and
      
      modifying said home domain identity cookie to record enrollment success at said affiliated domain server such that there is a user-maintained persistent record of the user'"'"'s enrollment so that the user may access and use resources associated with the affiliated domain server.
  - 3. The method as set forth claim 2 wherein said step of redirecting said enrollment request comprises performing a hyper text transfer protocol redirection operation.
  - 4. The method as set forth claim 2 wherein said step of redirecting said enrollment success indicator to said home domain server comprises performing a hyper text transfer protocol redirection operation.
  - 5. The method as set forth claim 2 wherein said step of modifying said home domain identity cookie to record enrollment success at said affiliated domain server comprises modifying extensible data in the home domain identity cookie to include a symbol indicating successful enrollment at said affiliated domain server.
  - 6. The method as set forth in claim 1 wherein said step of vouching for the identity of the user comprises the steps of:
    - transferring said affiliated domain identity cookie with access request for a protected resource from said user'"'"'s browser to said affiliated domain server;
      
      extracting the user'"'"'s home domain identity from the affiliated domain identity cookie in order to determine where to send a vouch-for request;
      
      sending a vouch-for request from said affiliated domain server to said home domain server via the user'"'"'s browser using redirection; and
      
      returning a vouch-for response to said affiliated domain server from said home domain server via the user'"'"'s browser using redirection.
  - 7. The method as set forth in claim 6 wherein said step of sending a vouch-for request from said affiliated domain server to said home domain comprises the step of determining the user'"'"'s home domain server by evaluation of the user'"'"'s affiliated domain identity cookie.
  - 8. The method as set forth in claim 6 wherein said step of sending a vouch-for request from said affiliated domain server to said home domain server comprises performing a hyper text transfer protocol redirection operation.
  - 9. The method as set forth in claim 6 wherein said step of returning a vouch-for response to said affiliated domain server from said home domain server comprises performing a hyper text transfer protocol redirection operation.

10. A computer readable medium encoded with software for allowing an Internet or intranet browser user to transfer directly to a domain that is participating in an e-community without repetitious and redundant authentication actions, said e-community comprising a plurality of affiliated domain servers, said user being properly registered and authenticated to a home domain server within said e-community, said software causing a processor to perform the steps of:
- enrolling said user at an affiliated domain through exchange of a home domain identity cookie with enrollment request and an affiliated domain identity cookie with enrollment response success indicator between said home domain server and an affiliated domain server;
  
  vouching for the identity of the user through exchange of a vouch-for request and vouch-for response between said home domain server and an affiliated domain server;
  
  building a local session at said affiliated domain for said user using said protected resource responsive to receipt of said vouch-for response; and
  
  transmitting an e-community cookie from said affiliated domain server to said browser recording successful authentication of said user into said affiliated domain.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer readable medium as set forth in claim 10 wherein said software for enrolling the user at an affiliated domain comprises software for performing the steps of:
    - transmitting a home domain identity cookie and enrollment request by said home domain server to a user'"'"'s browser where it may be stored;
      
      redirecting said enrollment request to an affiliated domain server;
      
      transmitting an affiliated domain identity cookie with an enrollment response including an enrollment success indicator from said affiliated domain server to said user'"'"'s browser;
      
      redirecting said enrollment response with enrollment success indicator to said home domain server where it may be stored;
      
      updating a set of user information at said home domain to record enrollment success at said affiliated domain server such that there is a server-maintained persistent record of the user'"'"'s enrollment; and
      
      modifying said home domain identity cookie to record enrollment success at said affiliated domain server such that there is a user-maintained persistent record of the user'"'"'s enrollment so that the user may access and use resources associated with the affiliated domain server.
  - 12. The computer readable medium as set forth in claim 11 wherein said software for redirecting said enrollment request comprises software for performing a hyper text transfer protocol redirection operation.
  - 13. The computer readable medium as set forth in claim 11 wherein said software for redirecting said enrollment success indicator to said home domain server comprises software for performing a hyper text transfer protocol redirection operation.
  - 14. The computer readable medium as set forth in claim 11 wherein said software for modifying said home domain identity cookie to record enrollment success at said affiliated domain server comprises software for modifying extensible data in the home domain identity cookie to include a symbol indicating successful enrollment at said affiliated domain server.
  - 15. The computer readable medium as set forth in claim 10 wherein said software for vouching for the identity of the user comprises software for performing the steps of:
    - transferring said affiliated domain identity cookie with access request for a protected resource from said user'"'"'s browser to said affiliated domain server;
      
      extracting the user'"'"'s home domain identity from the affiliated domain identity cookie in order to determine where to send a vouch-for request;
      
      sending a vouch-for request from said affiliated domain server to said home domain server via the user'"'"'s browser using redirection; and
      
      returning a vouch-for response to said affiliated domain server from said home domain server via the user'"'"'s browser using redirection.
  - 16. The computer readable medium as set forth in claim 15 wherein said software for sending a vouch-for request from said affiliated domain server to said home domain comprises software for determining the user'"'"'s affiliated domain server by evaluation of the user'"'"'s home domain identity cookie.
  - 17. The computer readable medium as set forth in claim 15 wherein said software for sending a vouch-for request from said affiliated domain server to said home domain server comprises software for performing a hyper text transfer protocol redirection operation.
  - 18. The computer readable medium as set forth in claim 15 wherein said software for returning a vouch-for response to said affiliated domain server from said home domain server comprises software for performing a hyper text transfer protocol redirection operation.

19. A system for e-community enrollment by an Internet or intranet user using cross-domain single-sign-on to a domain that is participating in an e-community without repetitious and redundant authentication actions, said e-community comprising a plurality of affiliated domain servers, said user being properly registered and authenticated to a home domain server within said e-community, said system comprising:
- a home domain identity cookie accompanying an enrollment request receivable by an affiliated domain server;
  
  an affiliated domain identity cookie accompanying an enrollment response success indicator receivable by said home domain server;
  
  a vouch-for request receivable by a home domain server; and
  
  a vouch-for response receivable by said affiliated domain server; and
  
  an e-community cookie receivable by said browser to record successful authentication of said user into said affiliated domain for the duration of the user'"'"'s session.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The system as set forth in claim 19 further comprising:
    - an enrollment request redirector for redirecting said enrollment request from said home domain server to an affiliated domain server via said browser;
      
      an enrollment response redirector for redirecting said enrollment response with enrollment success indicator to said home domain server from said affiliated domain server via said browser;
      
      a user information manager operable by said home domain adapted to record enrollment success at said affiliated domain server such that there is a server-maintained persistent record of the user'"'"'s enrollment; and
      
      a home domain identity cookie modifier adapted to record enrollment success at said affiliated domain server such that there is a client-maintained persistent record of the user'"'"'s enrollment so that the user may access and use resources associated with the affiliated domain server.
  - 21. The system as set forth claim 20 wherein said enrollment request redirector comprises a hyper text transfer protocol command.
  - 22. The system as set forth claim 20 wherein said enrollment response redirector comprises a hyper text transfer protocol redirection command.
  - 23. The system as set forth claim 20 wherein said home domain identity cookie modifier is adapted to modify extensible data in the home domain identity cookie to include a symbol indicating successful enrollment at said affiliated domain server.
  - 24. The system as set forth in claim 19 further comprising an affiliated domain identity cookie evaluator for extracting the user'"'"'s home domain identity from said affiliated domain identity cookie in order to determine where to send a vouch-for request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Activision Publishing Incorporated (Microsoft Corporation)
Original Assignee
International Business Machines Corporation
Inventors
Hinton, Heather Maria, Blakley, George Robert III, Clark, Greg

Granted Patent

US 6,993,596 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/204
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/20   for managing network securi...

System and method for user enrollment in an e-community

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

196 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for user enrollment in an e-community

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

196 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links