Seamless cross-site user authentication status detection and automatic login
Abstract
A system and method for determining in a global network the user network authentication status as the user goes from site to site within the network is provided. Additionally, the system and method provides for transparent or implicit multi-site logon functionality, including automatic introduction from one site to the other using a baseline authentication agency (102). The system and method provides an architecture for a core global network (100) (referred to herein as NET) that incorporates some or all of the following features and components: a set of baseline authentication agencies responsible for the core global network (NET) services, such as login and user-selected service-provider lookup; a shared NET domain and associated DNS records (106) used for cookie (110) sharing, login routing, and the like; and a collection of partner sites (108) accessible via the NET.
12 Claims

1. An apparatus for determining in a global network the user status as the user goes from site to site within said network, said apparatus comprising:
- a set of baseline authentication agencies responsible for core global network authentication services;
- a global network domain and associated DNS records used for cookie sharing, login routing, and the like; and
- a collection of partner sites with access to cookies shared via said global network domain.

Dependent claims: 2, 3, 4, 5, 6.
7. A method for an existing global network user using a browser and having a global network account logging onto a global network partner site without preexisting authentication, said user having an account on said partner site, wherein said user account has an account number, and wherein said user previously authorized said global network to seamlessly log said user into said partner site, said method comprising the steps of:
- said user authenticating itself to a baseline authentication agency associated with the user, via any suitable method allowed by said baseline authentication agency and said global network;
- said baseline authentication agency setting values of a plurality of shared cookies, said plurality of cookies set on a partner-site-accessible subdomain of a global network domain, thereby readable by said baseline authentication agency and all global network partner sites, said plurality of shared cookies comprising, but not limited to, a shared network login status cookie containing both the user's global network login status and the network id of the user's baseline authentication agency;
- said baseline authentication agency setting values of a plurality of private cookies, set on a private domain only accessible by said baseline authentication agency, said plurality of private cookies comprising, but not limited to, one or more global network credential cookies;
- said baseline authentication agency generating a short-lived, partner-specific, encrypted login token and returning it to the browser as a hidden input field in an auto-submitting input form;
- said browser processing said auto-submitting input form returned by said baseline authentication agency and submitting said login token to a partner site's login handler;
- said partner site performing a server-to-server token validation request to said baseline authentication agency by passing said login token;
- said baseline authentication agency validating said login token and returning the user's global network account number to the partner site; and
- said partner site mapping the user's global network account number to a corresponding login id on said partner site, proceeding to log in, setting corresponding cookies on said partner site, and returning a personalized welcome page to said browser.

Dependent claims: 8, 9.
10. A method for a user on a global network using a browser visiting a partner Web site, wherein said partner Web site is a linked and seamless-login-enabled global network site, during an ongoing session, said method comprising the steps of:
- said user selecting said partner Web site and said browser requesting a home page of said partner Web site, wherein said home page of said partner Web site comprises a JavaScript tag telling said browser to fetch a partner-site-served JavaScript file from said partner site server, as well as fetch other relevant JavaScript code;
- said partner Web site server obtaining a network login status cookie on a global network domain, thereby determining said user's global network login status and BAA;
- said partner Web site using a BAA id from said network login status cookie for formulating a URL to a login token-generation service of said associated authentication agency domain, and returning an HTTP redirect to said URL;
- said browser fetching said URL, and passing a global network site id of said partner Web site;
- said associated authentication agency domain receiving said token-generation request including said site id, as well as any corresponding user global network credential cookie previously sent to the browser;
- said partner Web site's home page comprising a particular JavaScript code and using said particular JavaScript code for determining whether a JavaScript login-token variable has a value, wherein if said login-token variable has said value, then proceeding with seamless global network login processing;
- said partner Web site requesting mapping of said login-token variable to a user global network account number;
- said global network server decrypting said login-token variable and performing validation checks on said login-token variable, said checks comprising, but not limited to, whether the token is not expired and whether an associated IP of said requesting partner Web site is in an allowed list, and if said validation checks pass, then said global network server returning said global network account number to said partner Web site; and
- said partner Web site mapping said user's global network account number to a corresponding partner Web site record, logging the user in, setting cookies of said partner Web site, and returning a personalized welcome page.

Dependent claims: 11, 12.
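The token issue-and-validate exchange of claims 7 and 10, as an added illustration (not code from the patent or any implementation of it): the BAA issues a short-lived, partner-specific token; the partner site validates it server-to-server; the BAA rejects tokens that are tampered with, expired, bound to another partner, or presented from an IP outside the partner's allow list, and the partner maps the returned global account number to a local login id. The key, site ids, IPs and account mapping are constructed values, and the HMAC-based encrypt-then-MAC construction is a stdlib stand-in for the patent's unspecified encryption (a real deployment would use an AEAD such as AES-GCM).

```python
import base64, hmac, json, os, time
from hashlib import sha256

# Constructed demo configuration for a hypothetical BAA (assumptions, not from the patent).
BAA_KEY = sha256(b"constructed demo key - never reuse").digest()
PARTNER_ALLOWED_IPS = {"site-42": {"203.0.113.10"}}   # site id -> IPs allowed to validate
TOKEN_TTL = 60                                         # seconds; tokens are short-lived by design

def _keystream(nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD cipher.
    out = b""
    for ctr in range(-(-n // 32)):
        out += hmac.new(BAA_KEY, nonce + ctr.to_bytes(4, "big"), sha256).digest()
    return out[:n]

def issue_login_token(account_number: str, site_id: str, now=None) -> str:
    """BAA side: encrypted-and-authenticated token bound to one partner site and an expiry."""
    now = time.time() if now is None else now
    body = json.dumps({"acct": account_number, "site": site_id, "exp": now + TOKEN_TTL}).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body))))
    tag = hmac.new(BAA_KEY, nonce + ct, sha256).digest()   # encrypt-then-MAC
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def validate_login_token(token: str, site_id: str, caller_ip: str, now=None):
    """BAA side, server-to-server validation: account number on success, None on any failure."""
    now = time.time() if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except Exception:
        return None
    if len(raw) < 16 + 32:
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(BAA_KEY, nonce + ct, sha256).digest()):
        return None                                    # forged or tampered token
    body = json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))))
    if body["site"] != site_id:                        # partner-specific: wrong site id
        return None
    if now > body["exp"]:                              # expired
        return None
    if caller_ip not in PARTNER_ALLOWED_IPS.get(site_id, set()):
        return None                                    # caller IP not in the partner's allow list
    return body["acct"]

# Constructed partner-side mapping from global account number to local login id.
PARTNER_ACCOUNTS = {"site-42": {"G-1001": "alice"}}

def partner_login(site_id: str, token: str, caller_ip: str, now=None):
    """Partner side: validate with the BAA, then map the global account number to a local login."""
    acct = validate_login_token(token, site_id, caller_ip, now)
    return PARTNER_ACCOUNTS.get(site_id, {}).get(acct) if acct else None
```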
Specification