Method and apparatus to authenticate and authorize user access to a system
Abstract
A method, apparatus, and system are provided for authenticating and authorizing user access to a system. According to one embodiment, a request for authentication and authorization of a user is received from a secondary site on behalf of the user who is seeking to access a primary site via the secondary site via a computer network. The request includes information relating to the user. The user information is then verified for authenticity, including determining whether the user satisfies the criteria for obtaining authentication and authorization as defined by the primary site. If the criteria are satisfied, a token, associated with the user, is generated at the primary site. A portion of the token is transmitted from the primary site to the secondary site on behalf of the user to permit the user to access the primary site via the secondary site, via the computer network.
Claims (56 total; independent claims reproduced below)
1. A method to authenticate and authorize a user, the method comprising:
receiving a request for authentication and authorization of the user from a secondary computer system on behalf of the user, the user seeking permission to access a primary computer system via the secondary computer system, via a computer network, wherein the request includes user information corresponding to the user;
verifying the user information for authenticity, wherein the verifying of the user information includes determining whether the user satisfies authentication and authorization criteria, defined by the primary computer system;
if it is determined that the user satisfies the authentication and authorization criteria, generating a token associated with the user by utilizing an authenticator residing at the primary computer system to authenticate and authorize the user; and
transmitting a portion of the token from the primary computer system to the secondary computer system on behalf of the user to permit the user to access the primary computer system via the secondary computer system, via the computer network. (Dependent claims 2 to 12 not reproduced here.)
13. A method for authenticating and authorizing a user, the method comprising:
generating a first token associated with the user to permit the user to access a primary computer system via a first secondary computer system, wherein the first token includes cryptographic user information authenticating and authorizing the user to access the primary computer system via the first secondary computer system, via a computer network;
dividing the first token into two or more segments; and
transmitting a first segment of the first token from the primary computer system to the first secondary computer system for the user to perform future access to the primary computer system via the first secondary computer system; and
storing a second segment of the first token at the primary computer system to match the second segment of the first token with the first segment of the first token received from the first secondary computer system for each of the future accesses attempted by the user. (Dependent claims 14 to 20 not reproduced here.)
21. An apparatus, comprising:
a client computer to receive a request from a user seeking to access a server computer via the client computer, and to transmit the request to the server computer via a computer network, wherein the request includes user information relating to the user; and
the server computer coupled with the client computer over the computer network, the server computer to receive the request from the client computer, verify the user information, wherein the verifying of the user information includes determining whether the user satisfies authentication and authorization criteria, defined by the server computer, if it is determined that the user satisfies the authentication and authorization criteria, generate a token associated with the user by utilizing an authenticator of the server computer to authenticate and authorize the user, and transmit a portion of the token from the server computer to the client computer on behalf of the user to permit the user to access the server computer via the client computer, via the computer network. (Dependent claims 22 to 28 not reproduced here.)
29. A system, comprising:
a first storage medium;
a first client computer system coupled with the first storage medium, the first client computer system to receive a first request from a user seeking authentication and authorization to access a server computer system via the first client computer system, and to transmit the first request to the server computer system via a computer network, wherein the first request includes user information relating to the user; and
the server computer system coupled with the first client computer system over the computer network, the server computer system to receive the first request from the first client computer system, verify the user information, wherein the verifying of the user information includes determining whether the user satisfies authentication and authorization criteria, defined by the server computer system, if it is determined that the user satisfies the authentication and authorization criteria, generate a first token associated with the user by utilizing an authenticator of the server computer system to authenticate and authorize the user, and transmit a portion of the first token from the server computer system to the first client computer system on behalf of the user to permit the user to access the server computer system via the first client computer system, via the computer network. (Dependent claims 30 to 37 not reproduced here.)
38. A machine-readable medium having stored thereon data representing sets of instructions which, when executed by a machine, cause the machine to:
receive a request for authentication and authorization of a user from a secondary computer system on behalf of the user seeking permission to access a primary computer system via the secondary computer system, via a computer network, wherein the request includes user information corresponding to the user;
verify the user information for authenticity, wherein the verifying of the user information includes determining whether the user satisfies authentication and authorization criteria, defined by the primary computer system;
if it is determined that the user satisfies the authentication and authorization criteria, generate a token associated with the user by utilizing an authenticator of the primary computer system to authenticate and authorize the user;
transmit a portion of the token from the primary computer system to the secondary computer system on behalf of the user to permit the user to access the primary computer system via the secondary computer system, via the computer network. (Dependent claims 39 to 42 not reproduced here.)
43. A machine-readable medium having stored thereon data representing sets of instructions which, when executed by a machine, cause the machine to:
generate a first token associated with the user to permit the user to access a primary computer system via a first secondary computer system, wherein the first token includes cryptographic user information authenticating and authorizing the user to access the primary computer system via the first secondary computer system, via a computer network;
divide the first token into two or more segments; and
transmit a first segment of the first token from the primary computer system to the first secondary computer system for the user to perform future access to the primary computer system via the first secondary computer system; and
store a second segment of the first token at the primary computer system to match the second segment of the first token with the first segment of the first token received from the first secondary computer system for each of the future accesses attempted by the user. (Dependent claims 44 to 48 not reproduced here.)
49. An apparatus, comprising:
means for receiving a request from a user, the user seeking to access a server computer via a client computer, and means for transmitting the request to the server computer via a computer network, wherein the request includes user information relating to the user; and
means for receiving the request from the client computer, means for verifying the user information, wherein the verifying of the user information includes determining whether the user satisfies authentication and authorization criteria, defined by the server computer, if it is determined that the user satisfies the authentication and authorization criteria, means for generating a token associated with the user by utilizing an authenticator of the server computer to authenticate and authorize the user, and means for transmitting a portion of the token from the server computer to the client computer on behalf of the user to permit the user to access the server computer via the client computer, via the computer network. (Dependent claims 50 to 56 not reproduced here.)
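The split-token issuance and matching described in claims 13 and 43 (a token generated at the primary system after the authenticator accepts the request, divided into segments, one segment handed to the secondary system and the other retained at the primary system to be matched on each future access), as an added Python example that is not part of the patent or of any implementation it describes. The user directory, the role criterion, the client identifiers, the PBKDF2 password hashing, the HMAC tag that binds the rejoined token to user, client and expiry, and every name below are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed criteria "defined by the primary computer system": a user directory
# with salted password hashes and roles. Assumed layout, not from the patent.
def _pw_hash(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = secrets.token_bytes(16)
CRITERIA = {
    "alice": {"pw": _pw_hash(_SALT, "correct horse"), "roles": {"reader"}},
    "bob": {"pw": _pw_hash(_SALT, "hunter2"), "roles": {"guest"}},
}
REQUIRED_ROLE = "reader"   # authorization criterion (assumed)
TOKEN_TTL = 3600           # token lifetime in seconds (assumed)


class PrimarySystem:
    """The primary (server) side: authenticator, token issuance and matching."""

    def __init__(self, criteria, required_role, ttl=TOKEN_TTL):
        self._key = secrets.token_bytes(32)   # server-only MAC key, never transmitted
        self._criteria = criteria
        self._required_role = required_role
        self._ttl = ttl
        # token_id -> (second_segment, tag, user, client_id, expiry)
        self._records = {}

    def _verify(self, user_info):
        """Authentication (password) and authorization (role) checks."""
        record = self._criteria.get(user_info.get("user"))
        if record is None:
            return False
        presented = _pw_hash(_SALT, user_info.get("password", ""))
        if not hmac.compare_digest(presented, record["pw"]):
            return False
        return self._required_role in record["roles"]

    def _tag(self, token_id, user, client_id, expiry, token):
        """Keyed tag over the full token and the context it is bound to."""
        msg = b"|".join([token_id.encode(), user.encode(), client_id.encode(),
                         str(expiry).encode(), token])
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def request_access(self, user_info, client_id, now=None):
        """Claims 1 and 13: verify the request, generate a token, split it,
        keep the second segment and return only the first to the client."""
        if not self._verify(user_info):
            return None
        now = int(time.time()) if now is None else now
        user = user_info["user"]
        expiry = now + self._ttl
        token_id = secrets.token_hex(8)
        token = secrets.token_bytes(32)
        first, second = token[:16], token[16:]          # the two segments
        tag = self._tag(token_id, user, client_id, expiry, token)
        self._records[token_id] = (second, tag, user, client_id, expiry)
        return {"token_id": token_id, "segment": first.hex(), "expiry": expiry}

    def access(self, token_id, first_segment_hex, client_id, now=None):
        """Future access: rejoin the presented first segment with the stored
        second segment and match the result against the stored tag."""
        record = self._records.get(token_id)
        if record is None:
            return False
        second, tag, user, bound_client, expiry = record
        now = int(time.time()) if now is None else now
        if now >= expiry or client_id != bound_client:
            return False
        try:
            first = bytes.fromhex(first_segment_hex)
        except ValueError:
            return False
        if len(first) != 16:
            return False
        expected = self._tag(token_id, user, client_id, expiry, first + second)
        return hmac.compare_digest(expected, tag)


def demo():
    """End-to-end exchange with constructed data.
    Returns (issued_record, accepted_by_same_client, accepted_from_other_client)."""
    primary = PrimarySystem(CRITERIA, REQUIRED_ROLE)
    secondary = "portal-1"   # constructed identifier of the secondary system
    issued = primary.request_access(
        {"user": "alice", "password": "correct horse"}, secondary, now=1_000)
    accepted = primary.access(issued["token_id"], issued["segment"], secondary, now=1_500)
    other = primary.access(issued["token_id"], issued["segment"], "portal-2", now=1_500)
    return issued, accepted, other
```

The point of the split is that neither party's store is a usable credential on its own: the secondary system holds only the first 16 bytes, and the primary system's records hold only the second segment plus a keyed tag, so a leak of either side still needs the other half. Binding the tag to the client identifier and an expiry means a first segment presented from a different secondary system, or after the lifetime, is rejected, and `hmac.compare_digest` keeps the match constant-time.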