METHOD AND SYSTEM FOR PROVIDING SINGLE SIGN-ON SERVICE
Abstract
Provided is a method and system for providing an SSO service enabling the use of Web services in different trusted domains through a one-time authentication process. In the method, mutual authentication information is issued from a trusted third party to each of the ID-federation service providers managing each of the trusted domains, and an ID federation is established between the ID-federation service provider and a user in the trusted domain of the ID-federation service provider. The first ID-federation service provider managing the first trusted domain, to which the user belongs, is confirmed when a Web service provider in the second trusted domain receives a login request from the user in the first trusted domain. User authentication and mutual authentication are performed between the first ID-federation service provider and a second ID-federation service provider managing the second trusted domain. The Web service provider authenticates the user in the first trusted domain and provides a corresponding Web service.
19 Claims
1. A method for providing a Single Sign-On (SSO) service enabling the use of Web services in different trusted domains through a one-time authentication process, the method comprising:
issuing mutual authentication information from a trusted third party to each of ID-federation service providers managing each of trusted domains, and establishing an ID federation between the ID-federation service provider and a user in the trusted domain of the ID-federation service provider;
confirming the first ID-federation service provider managing the first trusted domain to which the user belongs to, when a Web service provider in the second trusted domain receives a login request from the user in the first trusted domain;
performing user authentication and mutual authentication between the first ID-federation service provider and a second ID-federation service provider managing the second trusted domain; and
the Web service provider authenticating the user in the first trusted domain and providing a corresponding Web service.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for providing a Single Sign-On (SSO) service enabling the use of Web services in different trusted domains through a one-time authentication process, the method comprising:
a user registering a real-name user ID in an ID-federation service provider;
the ID-federation service provider issuing an anonymous user ID corresponding to the real-name user ID;
setting one or more Web service providers in the trusted domain as a federated Web service provider at the request of the user; and
the user connecting to the federated Web service provider through the anonymous user ID at the request for connection to the federated Web service provider.
Dependent claims: 10, 11
12. A system for providing a Single Sign-On (SSO) service enabling the use of Web services in first and second trusted domains through a one-time authentication process, the system comprising:
a first ID-federation service provider for managing a plurality of first Web service providers in the first trusted domain;
a second ID-federation service provider for managing a plurality of second Web service providers in the second trusted domain; and
a trusted third party for issuing authentication information for authentication of the first and second ID-federation service providers,
wherein when a service provision request is transmitted from a user terminal in the first trusted domain to the second Web service provider in the second trusted domain, the first and second ID-federation service providers perform mutual authentication by using the authentication information and perform a user authentication process by sharing federated authentication information generated by the first ID-federation service provider.
Dependent claims: 13, 14, 15, 16, 17, 18, 19
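The cross-domain flow of claims 1 and 12, sketched as an added Python example that is not taken from the patent. The page names no cryptographic mechanism, so the pairwise HMAC keys issued by the trusted third party, the nonce challenge-response, the assertion fields and the names `mac`, `TrustedThirdParty`, `IdFederationProvider` and `cross_domain_login` are all assumptions.

```python
import hashlib, hmac, json, secrets, time

def mac(key, *parts):
    # Length-prefix every field so boundaries cannot be shifted between fields.
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

class TrustedThirdParty:
    """Assumed mechanism: issues one pairwise key per pair of IdPs."""
    def __init__(self):
        self._master = secrets.token_bytes(32)
    def issue(self, idp, peer):
        a, b = sorted((idp, peer))
        return mac(self._master, a.encode(), b.encode())

class IdFederationProvider:
    def __init__(self, name, peer, ttp):
        self.name, self.peer, self.key = name, peer, ttp.issue(name, peer)
        self.users = {}  # real-name ID -> anonymous ID (the ID federation)
    def prove(self, nonce):
        # The response names the responder, so it cannot be reflected back.
        return mac(self.key, b"auth", self.name.encode(), nonce)
    def check_peer(self, peer_idp):
        nonce = secrets.token_bytes(16)  # fresh challenge defeats replay
        want = mac(self.key, b"auth", self.peer.encode(), nonce)
        return hmac.compare_digest(want, peer_idp.prove(nonce))
    def assert_user(self, real_id, audience, ttl=60):
        claims = {"iss": self.name, "sub": self.users[real_id],
                  "aud": audience, "exp": time.time() + ttl}
        body = json.dumps(claims, sort_keys=True).encode()
        return body, mac(self.key, b"assertion", body)
    def accept(self, body, tag, audience, now=None):
        if not hmac.compare_digest(tag, mac(self.key, b"assertion", body)):
            return None
        c = json.loads(body)
        now = time.time() if now is None else now
        ok = c["iss"] == self.peer and c["aud"] == audience and c["exp"] > now
        return c["sub"] if ok else None

def cross_domain_login(home, visited, real_id, sp):
    # Both IdPs authenticate each other before any user assertion is shared.
    if not (visited.check_peer(home) and home.check_peer(visited)):
        return None
    body, tag = home.assert_user(real_id, sp)
    return visited.accept(body, tag, sp)  # anonymous ID handed to the SP
```

With a shared symmetric key either ID-federation service provider could mint the other's assertions; a deployment that needs the two domains to be distinguishable after the fact would have the trusted third party certify per-provider signing keys instead.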
Specification