Single sign-on to remote server sessions using the credentials of the local client
Abstract
A method for single sign-on in a client-server system that includes a server, a client, and a remote presentation protocol based on ITU T.120 which communicates between the client node and the server. The client obtains a ticket for a user operating the client; the ticket identifies the security context of the user on the client. Upon connecting the client to the server, the ticket is transferred from the client to the server. The server authenticates the ticket with a security authority and, when it is authenticated, receives from the security authority a security context for the ticket. When the client so requests, applications are launched using that security context. Preferably, the server is a Microsoft Terminal Server and the remote presentation protocol is Microsoft Remote Desktop Protocol (RDP). The ticket transfer preferably uses a channel within the remote presentation protocol, such as an RDP virtual channel.
13 Claims
1. In a client-server system, a method for single sign-on, the method comprising the steps of:
- (a) providing a server and a client wherein a remote presentation protocol communicates between said client node and said server, wherein said remote presentation protocol is based on International Telecommunications Union (ITU) standard T.120;
- (b) said client obtaining a ticket for a user operating said client, wherein said ticket represents a security context of said user on said client;
- (c) upon connecting said client to said server, transferring said ticket from said client to said server;
- (d) authenticating said ticket by said server with a security authority; and
- (e) upon said authenticating, said server receiving from said security authority a security context for said ticket; and
- (f) upon requesting by said client, launching applications using said security context.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 13.
9. In a client-server system, a method for single sign-on, the method comprising the steps of:
- (a) providing a Microsoft Terminal Server and a client wherein a remote presentation protocol communicates between said client and said Microsoft Terminal Server, wherein said remote presentation protocol is based on International Telecommunications Union (ITU) standard T.120;
- (b) providing a key-distribution center operatively attached to said Microsoft Terminal Server and said client;
- (c) requesting by said client for a ticket-granting ticket by providing said key-distribution center with identification and authentication information of a user of said client;
- (d) upon verifying said identification and authentication information by said key-distribution center, sending said ticket-granting ticket to said client;
- (e) said client storing said ticket-granting ticket;
- (f) upon said user requiring a service from said Microsoft Terminal Server, providing said key-distribution center with said ticket-granting ticket and with an identifier of said service;
- (g) upon said key-distribution center validating said ticket-granting ticket and recognizing said identifier, sending a service ticket to said client;
- (h) upon receiving said service ticket, sending by said client said service ticket to said service, whereby said user is not required to manually log in to said service; and
- (i) transferring said service ticket by said server to said key-distribution center for identification and authentication.
Dependent claims: 10, 11, 12.
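A runnable sketch of the claim 9 ticket flow, added here as an illustration rather than code from the patent: a key-distribution center issues a ticket-granting ticket, exchanges it for a service ticket, and the Terminal Server hands the service ticket back to the KDC for validation before launching applications under the returned security context. Assumptions: the KDC and Terminal Server are in-process objects, tickets are HMAC-tagged JSON rather than Kerberos-encrypted, and the user database, keys, and the `terminal-server` service name are constructed.

```python
import hashlib, hmac, json, secrets, time

def _sign(key, payload):
    body = json.dumps(payload, sort_keys=True).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()
def _verify(key, ticket, want_type):
    body, _, tag = ticket.rpartition(b".")
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest().encode(), tag):
        return None                          # forged or tampered ticket
    claims = json.loads(body)
    ok = claims["type"] == want_type and claims["exp"] > int(time.time())
    return claims if ok else None            # wrong ticket kind or expired

class KDC:                                   # key-distribution center: steps (b)-(d), (f)-(g), (i)
    def __init__(self):
        self.users = {"alice": "correct horse battery"}           # constructed user database
        self.tgt_key = secrets.token_bytes(32)                    # known only to the KDC
        self.svc_keys = {"terminal-server": secrets.token_bytes(32)}
    def get_tgt(self, user, password):                            # steps (c)-(d)
        if self.users.get(user) != password:
            return None
        return _sign(self.tgt_key, {"type": "tgt", "user": user, "exp": int(time.time()) + 600})
    def get_service_ticket(self, tgt, service):                   # steps (f)-(g)
        claims = _verify(self.tgt_key, tgt, "tgt")
        if claims is None or service not in self.svc_keys:
            return None
        return _sign(self.svc_keys[service], {"type": "svc", "user": claims["user"],
                                              "svc": service, "exp": int(time.time()) + 300})
    def security_context(self, service, ticket):                  # step (i): validate for the server
        claims = _verify(self.svc_keys[service], ticket, "svc")
        return None if claims is None else {"user": claims["user"]}

class TerminalServer:                        # receives the ticket over the virtual channel
    def __init__(self, kdc):
        self.kdc, self.sessions = kdc, {}
    def on_virtual_channel_ticket(self, ticket):                  # step (h) receive, (i) validate
        ctx = self.kdc.security_context("terminal-server", ticket)
        if ctx is None:
            return None
        sid = secrets.token_hex(8)                                # session bound to the context
        self.sessions[sid] = ctx
        return sid
    def launch(self, sid, app):                                   # claim 1 step (f)
        ctx = self.sessions.get(sid)
        return None if ctx is None else f"{app} as {ctx['user']}"

def single_sign_on(kdc, server, user, password):                  # client side: no manual log-in to the service
    tgt = kdc.get_tgt(user, password)
    st = tgt and kdc.get_service_ticket(tgt, "terminal-server")
    return st and server.on_virtual_channel_ticket(st)
```

The server never sees the user's password: it only receives a service ticket it cannot mint itself, and a tampered ticket or a ticket-granting ticket presented in place of a service ticket is rejected at validation.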