Single sign-on to remote server sessions using the credentials of the local client

US 20060230438A1
Filed: 04/06/2006
Published: 10/12/2006
Est. Priority Date: 04/06/2005
Status: Abandoned Application

First Claim

Patent Images

1. In a client-server system, a method for single sign-on, the method comprising the steps of:

(a) providing a server and a client wherein a remote presentation protocol communicates between said client node and said server;

wherein said remote presentation protocol is based on International Telecommunications Union (ITU) standard T.120;

(b) said client obtaining a ticket for a user operating said client, wherein said ticket represents a security context of said user on said client;

(c) upon connecting said client to said server, transferring said ticket from said client to said server;

(d) authenticating said ticket by said server with a security authority; and

(e) upon said authenticating, said server receiving from said security authority a security context for said ticket; and

(f) upon requesting by said client, launching applications using said security context.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for single sign-on in a client-server system including a server and a client and a remote presentation protocol based on ITU T.120, communicates between the client node and the server. The client obtains a ticket for a user operating the client. The ticket identifies the security context of the user on the client. Upon connecting the client to the server, the ticket is transferred from the client to the server. The server authenticates the ticket with a security authority and when authenticated the server receives from the security authority a security context for the ticket. When the client so requests, applications are launched using that security context. Preferably, the server is a Microsoft Terminal Server and the remote presentation protocol is Microsoft Remote Desktop Protocol (RDP). The ticket transfer preferably uses a channel within the remote presentation protocol, such as an RDP virtual channel.

110 Citations

13 Claims

1. In a client-server system, a method for single sign-on, the method comprising the steps of:
- (a) providing a server and a client wherein a remote presentation protocol communicates between said client node and said server;
  
  wherein said remote presentation protocol is based on International Telecommunications Union (ITU) standard T.120;
  
  (b) said client obtaining a ticket for a user operating said client, wherein said ticket represents a security context of said user on said client;
  
  (c) upon connecting said client to said server, transferring said ticket from said client to said server;
  
  (d) authenticating said ticket by said server with a security authority; and
  
  (e) upon said authenticating, said server receiving from said security authority a security context for said ticket; and
  
  (f) upon requesting by said client, launching applications using said security context.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 13)
- - 2. The method, according to claim 1, wherein said server is a Microsoft Terminal Server.
  - 3. The method, according to claim 1, wherein said remote presentation protocol is Microsoft Remote Desktop Protocol.
  - 4. The method, according to claim 1, wherein said transferring of said ticket uses a virtual channel within said remote presentation protocol.
  - 5. The method, according to claim 1, wherein said transferring of said ticket is performed by said client using an anonymous account having fixed credentials.
  - 6. The method, according to claim 1, wherein said transferring a ticket is performed using an anonymous account on said server with a security context different from said security context of said user.
  - 7. The method, according to claim 1, further comprising the step of:
    - (g) maintaining a pool of active anonymous sessions, whereby said connecting is expedited.
  - 8. The method, according to claim 1, wherein said transferring of said ticket is performed by said client to a Graphical Identification and Authentication (GINA) dynamic-link library (DLL) on said server.
  - 13. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for single sign-on in a client-server system including a server and a client wherein a remote presentation protocol based communicates between said client and said server, wherein said remote presentation protocol is based on International Telecommunications Union (ITU) standard T.120 wherein said machine is selectably either the server or the client, the method according to claim 1.

9. In a client-server system, a method for single sign-on, the method comprising the steps of:
- (a) providing a Microsoft Terminal Server and a client wherein a remote presentation protocol communicates between said client and said Microsoft Terminal Server, wherein said remote presentation protocol is based on International Telecommunications Union (ITU) standard T.120;
  
  (b) providing a key-distribution center operatively attached to said Microsoft Terminal Server and said client;
  
  (c) requesting by said client for a ticket granting ticket by providing said key-distribution center with identification and authentication information of a user of said client;
  
  (d) upon verifying said identification and authentication information by said key-distribution center, sending said ticket-granting ticket to said client;
  
  (e) said client storing said ticket-granting ticket;
  
  (f) upon said user requiring a service from said Microsoft Terminal Server, providing said key-distribution center with said ticket-granting ticket and with an identifier of said service;
  
  (g) upon said key-distribution center validating said ticket-granting ticket and recognizing said identifier, sending a service ticket to said client;
  
  (h) upon receiving said service ticket, sending by said client said service ticket to said service, whereby said user is not required to manually log-in to said service; and
  
  (i) transferring said service ticket by said server to said key-distribution center for identification and authentication.
- View Dependent Claims (10, 11, 12)
- - 10. The method, according to claim 9, further comprising the steps of:
    - (j) upon authenticating said service ticket, sending by said key-distribution center a security context of said user to said service; and
      
      (k) granting said client access to said service.
  - 11. The method, according to claim 9, wherein said remote presentation protocol is Microsoft Remote Desktop Protocol.
  - 12. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for single sign-on in a client-server system including a Microsoft Terminal Server and a client wherein a remote presentation protocol communicates between said client and said Microsoft Terminal Server, wherein said remote presentation protocol is based on International Telecommunications Union (ITU) standard T.120;
    - wherein said machine is selectably either the server or the client, the method according to claim 9.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ericom Software Ltd. (Telefonaktiebolaget LM Ericsson)
Original Assignee
Ericom Software Ltd. (Telefonaktiebolaget LM Ericsson)
Inventors
Heyman, Eran, Shilo, Dror, Shappir, Dan

Application Number

US11/398,553
Publication Number

US 20060230438A1
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

Single sign-on to remote server sessions using the credentials of the local client

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

110 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign-on to remote server sessions using the credentials of the local client

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links