USER AUTHENTICATION

US 20070174905A1
Filed: 10/04/2006
Published: 07/26/2007
Est. Priority Date: 07/10/2000
Status: Active Grant

First Claim

Patent Images

1-36. -36. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention authenticates a user for multiple resources distributed across multiple domains through the performance of a single authentication. User access requests for a protected resource in a first domain are received and redirected to a second domain. User authentication is performed at the second domain. In one embodiment, the system transmits an authentication cookie for the second domain to the user after authentication at the second domain. In another embodiment, the system further redirects subsequent resource requests for resources in the first domain or a third domain to the second domain. The second domain confirms the user'"'"'s authentication for applicable portions of the first, second, and third domains using the cookie.

Citations

53 Claims

1-36. -36. (canceled)

37. An apparatus, comprising:
- a communication interface;
  
  one or more storage devices; and
  
  one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors programmed to perform a method comprising the steps of;
  
  receiving a user request for a protected resource, said resource is in a first domain, redirecting said request to a second domain, and authenticating said user at said second domain.
- View Dependent Claims (38, 42, 44, 45, 46, 53)
- - 38. An apparatus according to claim 37, wherein said method further includes the step of:
    - determining whether said first and second domains reside on a single Web Server.
  - 42. An apparatus according to claim 37, wherein:
    - said second domain is a preferred host.
  - 44. An apparatus according to claim 37, wherein:
    - said system is a Access Management System.
  - 45. An apparatus according to claim 37, wherein:
    - said system is an Access System.
  - 46. An apparatus according to claim 37, wherein:
    - said step of authenticating comprises the steps of;
      
      receiving entered user data;
      
      accessing user identity profile information from a Directory Server; and
      
      comparing said entered user data with said user identity profile information.
  - 53. An apparatus according to claim 45, wherein:
    - said Access System includes an access management system and an identity management system.

39. (canceled)
- View Dependent Claims (40, 43)
- - 40. An apparatus according to claim 39, wherein said method further includes the step of:
    - authorizing said user for said resource.
  - 43. An apparatus according to claim 39, wherein:
    - said cookie is encrypted.

41. (canceled)

47. A method for authenticating a user for a plurality of domains in a network-based system, comprising the steps of:
- receiving a request for a protected resource, said resource is in a first domain;
  
  determining whether said network-based system protects only said first domain or whether it protects multiple domains;
  
  if said network-based system only protects said first domain, authenticating said user for said first domain at said first domain;
  
  if said network-based system protects multiple domains, determining whether each of said multiple domains are on a single server;
  
  if said multiple domains are on said single server;
  
  determining whether said first domain is a preferred domain of said multiple domains, authenticating said user for said first domain at said first domain if said first domain is said preferred domain, and redirecting said request to said preferred domain and authenticating said user for said first domain at said preferred domain if said first domain is not said preferred domain; and
  
  if said multiple domains are not on said single server;
  
  determining whether said first domain is a master domain, authenticating said first user for said first domain at said first domain if said first domain is said master domain, and redirecting said request to said master domain and authenticating said user for said first domain at said master domain if said first domain is not said master domain.
- View Dependent Claims (48, 49, 50)
- - 48. The method of claim 47, wherein authenticating said user for said first domain at said master domain comprises:
    - receiving user data at said master domain, said user data is received at said master domain from said user, accessing user identify profile information for said user from a Directory Server, said user identity profile information including a plurality of attributes having attribute values, wherein at least one of said attribute values includes information other than an authentication certificate, and comparing said received user data with said user identity profile information, said comparing includes comparing said received user data with said information other than an authentication certificate.
  - 49. The method of claim 47, wherein said redirecting said request to said master domain comprises:
    - redirecting said user to said master domain.
  - 50. The method of claim 47, wherein:
    - said network-based system is an Access System including an access management system and an identity management system.

51-52. -52. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Ramamurthy, Srinivasagopalan, Martherus, Robin

Granted Patent

US 7,814,536 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

USER AUTHENTICATION

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

53 Claims

Specification

Solutions

Use Cases

Quick Links

USER AUTHENTICATION

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

53 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links