INTERSYSTEM SINGLE SIGN-ON

US 20070240206A1
Filed: 03/21/2007
Published: 10/11/2007
Est. Priority Date: 03/22/2006
Status: Active Grant

First Claim

Patent Images

1. A method for intersystem single sign-on (SSO), the method comprising:

obtaining a user'"'"'s ID information associated with a first system;

in the first system, obtaining the user'"'"'s ID information associated with a second system from the user'"'"'s ID information associated with the first system according to a user ID mapping relationship between the first system and the second system; and

sending the user'"'"'s ID information associated with the second system to the second system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for intersystem Single Sign-On use intersystem user ID mapping to map user IDs of multiple systems. In one implementation, a method obtains a user'"'"'s ID information associated with a first system, and obtains the user'"'"'s ID information associated with a second system from the user'"'"'s ID information associated with the first system according to the intersystem user ID mapping table. The first system sends the user'"'"'s ID information associated with the second system to the second system, which may allow the user to automatically log on upon successful user ID verification. The user ID information communicated between the systems may be encrypted and decrypted using digital signature techniques. Systems for accomplishing the method are also provided.

Citations

28 Claims

1. A method for intersystem single sign-on (SSO), the method comprising:
- obtaining a user'"'"'s ID information associated with a first system;
  
  in the first system, obtaining the user'"'"'s ID information associated with a second system from the user'"'"'s ID information associated with the first system according to a user ID mapping relationship between the first system and the second system; and
  
  sending the user'"'"'s ID information associated with the second system to the second system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as recited in claim 1, further comprising:
    - in the first system, creating a signature attached to the user'"'"'s ID information associated with the second system, and sending the signature along with the user'"'"'s ID information associated with the second system to the second system; and
      
      in the second system, verifying the user'"'"'s ID information by examining the signature received.
  - 3. The method as recited in claim 2, wherein the user is first signed on the first system, the method further comprising:
    - in the second system, allowing the user to be signed on the second system if the user'"'"'s ID information is verified.
  - 4. The method as recited in claim 2 wherein creating the signature takes place upon receiving an indication that the user intends to sign on the second system.
  - 5. The method as recited in claim 2 wherein creating the signature takes place upon receiving a logon request redirected to the first system by the second system,
  - 6. The method as recited in claim 5, further comprising:
    - redirecting the logon request back to the second system upon creating the signature.
  - 7. The method as recited in claim 1 wherein the user is first signed on the first system, the method further comprising:
    - in the second system, allowing the user to be signed on the second system after receiving the user'"'"'s ID information associated with the second system.
  - 8. The method as recited in claim 1, further comprising:
    - in the first system, requesting the user to sign on to verify the user'"'"'s ID if the user is not already signed on the first system.
  - 9. The method as recited in claim 1, further comprising:
    - indicating to the second system that the user is being redirected from the first system.

10. A method for intersystem single sign-on (SSO), the method comprising:
- in a first system, obtaining a user'"'"'s ID information associated with a first system;
  
  in the first system, obtaining the user'"'"'s ID information associated with a second system from the user'"'"'s ID information associated with the first system according to a user ID mapping relationship between the first system and the second system;
  
  in the first system, creating a signature attached to the user'"'"'s ID information associated with the second system; and
  
  sending the signature along with the user'"'"'s ID information associated with the second system to the second system.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The method as recited in claim 10 wherein the signature comprises a cryptographic digital signature.
  - 12. The method as recited in claim 11, further comprising:
    - in the second system, decrypting the cryptographic digital signature to validate the signature.
  - 13. The method as recited in claim 11, further comprising:
    - in the second system, verifying the user'"'"'s ID information associated with the second system by decrypting the cryptographic digital signature received, and allowing the user to be signed on the second system if the user'"'"'s ID information is verified.
  - 14. The method as recited in claim 10, further comprising:
    - in the first system, time-stamping the signature or the user'"'"'s ID information associated with the second system before sending the signature or the user'"'"'s ID information to the second system; and
      
      in the second system, validating the signature or the user'"'"'s ID information by checking time-stamping information.
  - 15. The method as recited in claim 14, wherein checking time-stamping information comprises comparing a present stamped time with a previous stamped time associated with the same user.
  - 16. The method as recited in claim 10, wherein creating the signature comprises encrypting a text string using public-key encryption or private-key encryption.
  - 17. The method as recited in claim 10, wherein creating the signature comprises hashing a digital content to generate a hash text string.
  - 18. The method as recited in claim 17 wherein the digital content comprises at least a part of the user'"'"'s ID information associated with the second system.
  - 19. The method as recited in claim 10, further comprising:
    - in the second system, verifying the user'"'"'s ID information associated with the second system by examining the signature received;
      
      allowing the user to be signed on the second system if the user'"'"'s ID information is verified; and
      
      restricting the privileges of the user signed on the second system.
  - 20. The method as recited in claim 10, further comprising:
    - in the second system, verifying the user'"'"'s ID information associated with the second system by examining the signature received;
      
      allowing the user to be signed on the second system and establishing a session for the user if the user'"'"'s ID information is verified; and
      
      keeping a log record of at least some of the user'"'"'s logon and session information.

21. One or more computer readable media containing computer-executable instructions to enable an intersystem single sign-on (SSO) procedure, the procedure comprising:
- in a first system, obtaining a user'"'"'s ID information associated with a first system;
  
  in the first system, obtaining the user'"'"'s ID information associated with a second system from the user'"'"'s ID information associated with the first system according to a user ID mapping relationship between the first system and the second system;
  
  in the first system, creating a signature attached to the user'"'"'s ID information associated with the second system; and
  
  sending the signature along with the user'"'"'s ID information associated with the second system to the second system.
- View Dependent Claims (22)
- - 22. The computer readable media as recited in claim 21 wherein the signature comprises a cryptographic digital signature.

23. A system for verifying intersystem user sign-on, the system comprising:
- a data storage containing a user ID library and user ID mapping data, which user ID matching data defines a mapping relationship between user ID information associated with the said system and user ID information associated with a partner system; and
  
  an ID verification device in communication with the data storage, wherein the ID verification device uses the user ID library stored in the data storage to verify ID of a user requesting logon and to determine the user'"'"'s ID information associated with the said system, and wherein the said system uses the user ID matching data to determine the user'"'"'s ID information associated with the partner system from the user'"'"'s ID information associated with the said system.
- View Dependent Claims (24, 25)
- - 24. The system as recited in claim 23, further comprising a signature generator for generating a signature attached to the user ID information associated with the partner system.
  - 25. The system as recited in claim 24, wherein the signature generator comprises a encryption algorithm.

26. A system for verifying intersystem user sign-on, the system comprising:
- a data storage to store user ID information associated with the said system;
  
  a signature verification device to decrypt a signature attached to a user'"'"'s ID information received from a partner system; and
  
  an ID verification device to verify the user'"'"'s ID information received from the partner system using the user ID information stored in the data storage.
- View Dependent Claims (27, 28)
- - 27. The system as recited in claim 26 wherein the system allows the user to logon upon a successful verification of the signature by the signature verification device.
  - 28. The system as recited in claim 27 further comprising a user privilege controller for limiting privileges of the user according to the user'"'"'s logon manner.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced New Technologies Company Limited (Ant Group Co., Ltd.)
Original Assignee
Alibaba.com Incorporated (Alibaba Group Holding Ltd.)
Inventors
Cheng, Li, Qian, Zhilong, Wu, Yongming

Granted Patent

US 8,250,095 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 63/12 Applying verification of th...

INTERSYSTEM SINGLE SIGN-ON

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

INTERSYSTEM SINGLE SIGN-ON

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links