System and method for secure network state management and single sign-on
Abstract
State management (cookie) data is encrypted so that access control data included in the cookie is unable to be modified by the user. A hashing algorithm is performed using various fields in the cookie data and the hash value is encrypted. The hash value is combined with other data such as the user identifier and a time stamp and encrypted to form a cookie value. When a request is received, the cookie data is checked. If the token value is not in the server's cache then the token is authenticated, facilitating movement of the client between servers. If the cookie does not exist or is timed out, then the user is authenticated using traditional means.
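The flow in the abstract, as an added Python example that is not code from the patent: it substitutes an HMAC-SHA256 keyed hash for the abstract's encrypted hash (the standard library has no cipher). The field layout, key, timeout, whole-cookie cache key and function names are assumptions.

```python
import base64, hashlib, hmac, time

SERVER_KEY = b"constructed-demo-key"  # assumption: secret shared by all servers
TIMEOUT_SECONDS = 900                 # assumption: 15-minute session timeout

def _token(fields):
    # Keyed hash over the cookie fields (stand-in for "hash, then encrypt").
    msg = "|".join(fields).encode()
    digest = hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode()

def issue_cookie(user_id, acl, now=None):
    # Refuse the delimiter inside a field so the signed message is unambiguous.
    if "|" in user_id or "|" in acl:
        raise ValueError("field contains delimiter")
    ts = str(int(time.time() if now is None else now))
    return "|".join([user_id, acl, ts, _token([user_id, acl, ts])])

def check_cookie(cookie, cache, now=None):
    """Return (decision, acl); decision is 'cache-hit', 'token-verified'
    or 'login-required' (fall back to traditional authentication)."""
    now = time.time() if now is None else now
    parts = (cookie or "").split("|")
    if len(parts) != 4:
        return "login-required", None          # cookie missing or malformed
    user_id, acl, ts, token = parts
    if not (ts.isascii() and ts.isdigit()) or now - int(ts) > TIMEOUT_SECONDS:
        cache.discard(cookie)
        return "login-required", None          # timed out
    # The cache is keyed on the whole cookie, not the token alone, so an
    # edited access control field can never ride on a cached token.
    if cookie in cache:
        return "cache-hit", acl
    # Unknown to this server (e.g. client moved here): authenticate the token.
    if not hmac.compare_digest(token, _token([user_id, acl, ts])):
        return "login-required", None          # access control data was modified
    cache.add(cookie)
    return "token-verified", acl

if __name__ == "__main__":
    server_a, server_b = set(), set()          # per-server caches
    c = issue_cookie("alice", "role=user")     # constructed sample values
    print(check_cookie(c, server_a))           # first sight: verified, then cached
    print(check_cookie(c, server_b))           # second server verifies without login
    print(check_cookie(c.replace("role=user", "role=admin"), server_a))
```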
30 Claims

1. A method of handling client state information, said method comprising:
receiving, at a first computer system, a first request from a second computer system, wherein the first request is received over a computer network;
identifying access control data pertaining to the second computer system;
creating an encrypted value based upon the access control data; and
storing, on the second computer system, a state management data structure that includes an access control identifier and the encrypted value.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A first information handling system comprising:
one or more processors;
a memory accessible by the processors;
a network interface connecting the information handling system to a computer network;
a tool for handling client state information, the tool including software effective to:
receive, at the first information handling system, a first request from a second information handling system, wherein the first request is received over a computer network;
identify access control data pertaining to the second information handling system;
create an encrypted value based upon the access control data; and
store, on the second information handling system, a state management data structure that includes an access control identifier and the encrypted value.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A computer program product stored on a computer operable media for handling client state data, said computer program product comprising:
means for receiving, at a first computer system, a first request from a second computer system, wherein the first request is received over a computer network;
means for identifying access control data pertaining to the second computer system;
means for creating an encrypted value based upon the access control data; and
means for storing, on the second computer system, a state management data structure that includes an access control identifier and the encrypted value.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30

Specification