Single sign-on method for web-based applications

US 20040250118A1
Filed: 04/29/2003
Published: 12/09/2004
Est. Priority Date: 04/29/2003
Status: Active Grant

First Claim

Patent Images

1. A method for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, comprising:

accessing an access server from said client machine;

entering user-specific access server logon credentials for logon and access to said access server;

selecting a target application;

presenting to said target application by said access server, previously stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session;

sending from said access server to said client machine, information for establishing a connection from said client machine to said target application; and

establishing a target application session, bypassing said access server, between said client machine and said target application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, including: accessing an access server from the client machine; entering user-specific access server logon credentials for logon and access to the access server; selecting a target application; presenting to the target application by the access server, previously stored user-specific target application logon credentials for logon and access to the target application in a form and according to a protocol recognizable by the target application thereby logging into the target application on behalf of the user and establishing a target application session; sending from the access server to the client machine, information for establishing a connection from the client machine to the target application; and establishing a target application session, bypassing the access server, between the client machine and the target application.

159 Citations

25 Claims

1. A method for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, comprising:
- accessing an access server from said client machine;
  
  entering user-specific access server logon credentials for logon and access to said access server;
  
  selecting a target application;
  
  presenting to said target application by said access server, previously stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session;
  
  sending from said access server to said client machine, information for establishing a connection from said client machine to said target application; and
  
  establishing a target application session, bypassing said access server, between said client machine and said target application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further including presenting to said client machine from said access server, a personalized link page of previously registered target applications, user-specific target application logon credentials of said previously registered target applications having been previously stored.
  - 3. The method of claim 1, further including in the order listed:
    - selecting a new target application from a list of enabled target applications;
      
      entering user-specific target application logon credentials for said new target application; and
      
      storing said user-specific target application logon credentials for said new target application for use by said access server to logon the user to said new target application.
  - 4. The method of claim 1, further including in the order listed:
    - starting a network traffic recorder;
      
      selecting a new target application;
      
      entering new user-specific target application logon credentials for logon and access to said new target application;
      
      stopping said network traffic recorder;
      
      generating logon code for said new target application based on network traffic recorded by said traffic recorder; and
      
      storing said logon code and said user-specific target application logon credentials for said new target application for use by said access server to logon the user to said new target application.
  - 5. The method of claim 1, wherein said information for establishing a connection from said client machine to said target application includes cookies, onload forms, forms with hidden fields and rewritten universal resource locators or combinations thereof.
  - 6. The method of claim 1, wherein said information-processing network is an intranet, The Internet or a combination thereof.
  - 7. The method of claim 1, wherein said access server is a portal server or an HTTP proxy server.
  - 8. The method of claim 1, wherein said user-specific access server logon credentials include a user ID, a password or both a user ID and a password.
  - 9. The method of claim 1, wherein said user-specific target application logon credentials include a user ID, a password or both a user ID and a password.

10. A system architecture for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, comprising:
- means for accessing an access server from said client machine;
  
  means for entering user-specific access server logon credentials for logon and access to said access server;
  
  means for selecting a target application;
  
  means for presenting to said target application by said access server, previously stored user-specific target application logon credentials for logon and access to said target application in a format and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session;
  
  means for sending from said access server to said client machine, information for establishing a link from said client machine to said target application; and
  
  means for establishing a target application session, bypassing said access server, between said client machine and said target application.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 11. The system architecture of claim 10, further including means for presenting to said client machine from said access server, a personalized link page of previously registered target applications, user-specific target application logon credentials of said previously registered target applications having been previously stored.
  - 12. The system architecture of claim 10, further including:
    - means for selecting a new target application from a list of enabled target applications;
      
      means for entering user-specific target application logon credentials for said new target application; and
      
      means for storing said user-specific target application logon credentials for said new target application for use by said access server to logon the user to said new target application.
  - 13. The system architecture of claim 12, wherein said means for storing said user-specific target application logon credentials is a database.
  - 14. The system architecture of claim 10, further including:
    - means for selecting a new target application;
      
      means for entering new user-specific target application logon credentials for logon and access to said new target application;
      
      a network traffic recorder for recording network traffic between said client machine and a server on which said new target application is running, said traffic including selection of said new target application, access to said new target application and setup of user-specific logon credentials to said new target application;
      
      means for generating logon code for said new application based on network traffic recorded by said traffic recorder; and
      
      means for storing said logon code and said user-specific target application logon credentials for said new target application for use by said access server to logon the user to said new target application.
  - 15. The system architecture of claim 14, wherein said means for storing said logon code and said user-specific target application logon credentials is a database.
  - 16. The system architecture of claim 10, wherein said information for establishing a link from said client machine to said target application includes cookies, onload forms, forms with hidden fields and rewritten universal resource locators or combinations thereof.
  - 17. The system architecture of claim 10, wherein said information-processing network is an intranet, The Internet or a combination thereof.
  - 18. The system architecture of claim 10, wherein said access server is a portal server or a HTTP proxy server.
  - 19. The system architecture of claim 10, wherein said user-specific access server logon credentials include a user ID, a password or both a user ID and a password.
  - 20. The system architecture of claim 10, wherein said user-specific target application logon credentials include a user ID, a password or both a user ID and a password.
  - 21. The system architecture of claim 10, wherein said previously stored user-specific target application logon credentials are stored on a database.

22. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network said method steps comprising:
- facilitating access to an access server from said client machine;
  
  facilitating entering of user-specific access server logon credentials for logon and access to said access server;
  
  selecting a target application;
  
  presenting to said target application by said access server, previously stored user-specific target application logon credentials for logon and access to said target application in form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session; and
  
  establishing target application session, bypassing said access server, between said client machine and said target application.

23. An access server connectable in an information process network, comprising:
- at least one processor;
  
  a memory;
  
  a computer program supported in said memory for enabling access to access to a target application on a target application server linked to said information-processing network, the computer program comprising;
  
  means for accessing said access server from said client machine;
  
  means for entering user-specific access server logon credentials for logon and access to said access server;
  
  means for selecting said target application;
  
  means for presenting to said target application by said access server, previously stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session; and
  
  means for establishing a target application session, bypassing said access server, between said client machine and said target application.
- View Dependent Claims (24, 25)
- - 24. The access server of claim 23, wherein information-processing network is an intranet, The Internet or a combination thereof.
  - 25. The access server of claim 23, wherein said access server is a portal server or an HTTP proxy server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Andreev, Dmitry, Vilshansky, Gregory

Granted Patent

US 7,496,953 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

Single sign-on method for web-based applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

159 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign-on method for web-based applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

159 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links