System and method for single sign-on session management without central server
Abstract
A method and system for single sign-on session management. Functions of session management and client log-in, normally handled by separate system servers, are incorporated as plug-in modules on individual web content servers. In this manner, network traffic to grant and validate client user credentials is reduced or minimized.
45 Claims
1. A method for single sign-on session management, the method comprising:
establishing a session credential;
validating the session credential at a first server;
granting access to a first resource of the first server;
validating the session credential at a second server; and
granting access to a second resource of the second server, wherein communication with a third server is not required to validate the session credential at either the first server or the second server.
15. A method for single sign-on session management, the method comprising:
establishing a cryptographically generated cookie held by a client browser as a session credential;
receiving the session credential from the client browser at a first server;
validating the session credential at the first server by decrypting the cookie;
granting the client browser access to a first protected resource of the first server;
updating a timeout value contained within the session credential;
cryptographically generating a new session credential as a cookie containing the updated timeout value;
sending the new session credential to the client browser;
receiving the new session credential at a second server;
validating the new session credential at a second server by decrypting the cookie; and
granting access to a second protected resource of the second server, wherein communication with a third server is not required to validate the session credentials at either the first server or the second server.
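The flow recited in claim 15, as an added example (not code from the patent): two servers holding the same key each validate an encrypted cookie locally, and the first one reissues it with an updated timeout. AES-256-GCM, the pre-shared key, the 900-second idle timeout and all function names are assumptions made for this sketch; the claim names none of them.

```javascript
const crypto = require("node:crypto");

// Assumption: every content server is provisioned with the same 256-bit key.
// Constructed demo key; a deployment would load it from a secret store.
const SHARED_KEY = crypto.createHash("sha256").update("constructed-demo-key").digest();
const IDLE_TIMEOUT_S = 900; // assumed idle timeout

// Seal {user, exp} with AES-256-GCM; cookie = base64url(iv || tag || ciphertext).
function issueCookie(key, user, now) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = JSON.stringify({ user, exp: now + IDLE_TIMEOUT_S });
  const ct = Buffer.concat([cipher.update(body, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64url");
}

// Validate locally: decrypt, verify the GCM tag, check the timeout.
// Returns the claims object, or null for a forged, garbled or expired cookie.
function validateCookie(key, cookie, now) {
  const raw = Buffer.from(String(cookie), "base64url");
  if (raw.length < 29) return null; // 12-byte iv + 16-byte tag + data
  try {
    const d = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
    const claims = JSON.parse(pt.toString("utf8"));
    return claims.exp > now ? claims : null;
  } catch {
    return null; // tag mismatch (tampering or wrong key) or malformed payload
  }
}

// What a server's plug-in does per request: validate, grant, and reissue
// the cookie with an updated timeout. No other server is contacted.
function handleRequest(key, cookie, now) {
  const claims = validateCookie(key, cookie, now);
  if (!claims) return { granted: false, user: null, cookie: null };
  return { granted: true, user: claims.user, cookie: issueCookie(key, claims.user, now) };
}

// Demo with constructed timestamps (seconds): log in, hit server A, then server B.
const login = issueCookie(SHARED_KEY, "alice", 1000);
const a = handleRequest(SHARED_KEY, login, 1600);
const b = handleRequest(SHARED_KEY, a.cookie, 2400);
console.log(a.granted, b.granted, validateCookie(SHARED_KEY, login, 2400));
```

A cookie sealed this way stays valid on every server until its `exp` passes, so the idle timeout bounds how long a copied cookie remains usable.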
16. Computer executable software code transmitted as an information signal, the code for single sign-on session management, the code comprising:
code to establish a session credential;
code to validate the session credential at a first server;
code to grant access to a first resource of the first server;
code to validate the session credential at a second server; and
code to grant access to a second resource of the second server, wherein communication with a third server is not required to validate the session credential at either the first server or the second server.
17. A computer readable medium having computer executable code stored thereon, the code for single sign-on session management, the code comprising:
code to establish a session credential;
code to validate the session credential at a first server;
code to grant access to a first resource of the first server;
code to validate the session credential at a second server; and
code to grant access to a second resource of the second server, wherein communication with a third server is not required to validate the session credential at either the first server or the second server.
18. A programmed computer for single sign-on session management, comprising:
a memory having at least one region for storing computer executable program code; and
a processor for executing the program code stored in the memory, wherein the program code comprises:
code to establish a session credential;
code to validate the session credential at a first server;
code to grant access to a first resource of the first server;
code to validate the session credential at a second server; and
code to grant access to a second resource of the second server, wherein communication with a third server is not required to validate the session credential at either the first server or the second server.
19. A method for single sign-on session management, the method comprising:
providing a list of authorized users to a first server and to a second server;
establishing a session credential using the list of authorized users;
validating the session credential at the first server;
validating the session credential at a second server, wherein communication with a third server is not required to validate the session credential at either the first server or the second server;
providing an update to the list of authorized users to the first server and to the second server; and
changing the session credential based on the update to the list.
35. A system for single sign-on session management, the system comprising:
a first server with a first resource;
a session management plug-in running on the first server;
a second server with a second resource;
a session management plug-in running on the second server;
a first network providing a connection of the second server to the first server; and
a client with a session credential, the client connectable to the first server and to the second server by the first network, wherein the first server validates the session credential using the session management plug-in running on the first server without requiring a connection to either the second server or any other server and the second server validates the session credential using the session management plug-in running on the second server without requiring a connection to either the first server or any other server.