Authenticating and communicating verifiable authorization between disparate network domains
Abstract
Verifiable authentication credentials are provided to foreign systems without passing an id and password to the protected resource. A user wishing to access a secure remote site is prompted for credentials, the credentials are authenticated locally and a digitally signed token is created. The token is redirected to the secure remote site by the user's browser using HTTP redirection. The digital signature is verified by the secure remote site, preferably by a digital signature web service. The remote site establishes communications with the user if the digital signature is valid.
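The flow in the abstract can be sketched as follows. This is an added example, not code from the patent: Ed25519, the `data`/`exp`/`sig` parameter names, the two-minute lifetime and the binding of the signature to the target site URL are all assumptions chosen here so that a captured redirect cannot be replayed later or against another site.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"time"
)

// NewIssuerKey makes the local domain's signing key pair (constructed for the demo).
func NewIssuerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// SignedRedirect runs locally after the credential check; no id or password is sent.
func SignedRedirect(priv ed25519.PrivateKey, site, userData string, now time.Time) string {
	exp := strconv.FormatInt(now.Add(2*time.Minute).Unix(), 10) // assumed lifetime
	sig := ed25519.Sign(priv, []byte(site+"\n"+userData+"\n"+exp))
	q := url.Values{"data": {userData}, "exp": {exp},
		"sig": {base64.RawURLEncoding.EncodeToString(sig)}}
	return site + "?" + q.Encode()
}

// VerifyRedirect runs at the remote site, which holds only the public key.
func VerifyRedirect(pub ed25519.PublicKey, site, rawURL string, now time.Time) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	q := u.Query()
	data, exp := q.Get("data"), q.Get("exp")
	sig, _ := base64.RawURLEncoding.DecodeString(q.Get("sig")) // bad input fails Verify
	if !ed25519.Verify(pub, []byte(site+"\n"+data+"\n"+exp), sig) {
		return "", errors.New("signature invalid for this site")
	}
	if t, err := strconv.ParseInt(exp, 10, 64); err != nil || now.Unix() > t {
		return "", errors.New("request expired")
	}
	return data, nil
}

func main() {
	pub, priv := NewIssuerKey()
	site, now := "https://remote.example/login", time.Now()
	fmt.Println(VerifyRedirect(pub, site, SignedRedirect(priv, site, "acct=42", now), now))
}
```

The signature is checked before the expiry value is parsed, so the remote site never acts on an unauthenticated field.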
30 Claims
1. A method for a user to access a secure Internet site, the method utilizing user credential data and other user data, the method comprising the steps of:
- checking user credential data according to a first predetermined plan;
- authorizing said user to access a secure Internet site if said user credentials permit;
- creating a digitally signed request comprising said other user data for said authorized user according to a second predetermined plan; and
- transmitting said digitally signed request to said secure Internet site.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system for a user to access a secure Internet site, the system utilizing user credential data and other user data, the system comprising:
- a checker checking user credential data according to a first predetermined plan;
- an authorizer authorizing said user to access a secure Internet site if said user credentials permit;
- a signature generator creating a digitally signed request comprising said other user data for said authorized user according to a second predetermined plan; and
- a transmitter transmitting said digitally signed request to said secure Internet site.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A computer program product for a user to access a secure Internet site, the computer program product utilizing user credential data and other user data, the computer program product comprising a computer readable medium having computer readable program code therein, the computer program product comprising:
- computer readable program code for checking user credential data according to a first predetermined plan;
- computer readable program code for authorizing said user to access a secure Internet site if said user credentials permit;
- computer readable program code for creating a digitally signed request comprising said other user data for said authorized user according to a second predetermined plan; and
- computer readable program code for transmitting said digitally signed request to said secure Internet site.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification