METHOD AND SYSTEM FOR PROVIDING SINGLE SIGN-ON SERVICE

US 20090119763A1
Filed: 07/30/2008
Published: 05/07/2009
Est. Priority Date: 11/06/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing a Single Sign-On (SSO) service enabling the use of Web services in different trusted domains through a one-time authentication process, the method comprising:

issuing mutual authentication information from a trusted third party to each of ID-federation service providers managing each of trusted domains, and establishing an ID federation between the ID-federation service provider and a user in the trusted domain of the ID-federation service provider;

confirming the first ID-federation service provider managing the first trusted domain to which the user belongs to, when a Web service provider in the second trusted domain receives a login request from the user in the first trusted domain;

performing user authentication and mutual authentication between the first ID-federation service provider and a second ID-federation service provider managing the second trusted domain; and

the Web service provider authenticating the user in the first trusted domain and providing a corresponding Web service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method and system for providing an SSO service enabling the use of Web services in different trusted domains through a one-time authentication process. In the method, mutual authentication information is issued from a trusted third party to each of ID-federation service providers managing each of trusted domains, and an ID federation established between the ID-federation service provider and a user in the trusted domain of the ID-federation service provider. The first ID-federation service provider managing the first trusted domain, to which the user belongs to, is confirmed when a Web service provider in the second trusted domain receives a login request from the user in the first trusted domain. User authentication and mutual authentication arc performed between the first ID-federation service provider and a second ID-federation service provider managing the second trusted domain. The Web service provider authenticates the user in the first trusted domain and provides a corresponding Web service.

Citations

19 Claims

1. A method for providing a Single Sign-On (SSO) service enabling the use of Web services in different trusted domains through a one-time authentication process, the method comprising:
- issuing mutual authentication information from a trusted third party to each of ID-federation service providers managing each of trusted domains, and establishing an ID federation between the ID-federation service provider and a user in the trusted domain of the ID-federation service provider;
  
  confirming the first ID-federation service provider managing the first trusted domain to which the user belongs to, when a Web service provider in the second trusted domain receives a login request from the user in the first trusted domain;
  
  performing user authentication and mutual authentication between the first ID-federation service provider and a second ID-federation service provider managing the second trusted domain; and
  
  the Web service provider authenticating the user in the first trusted domain and providing a corresponding Web service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the confirming of the first ID-federation service provider comprises:
    - transmitting an authentication request from the Web service provider to the second ID-federation service provider; and
      
      receiving information of the first ID-federation service provider at the authentication request.
  - 3. The method of claim 1, wherein the performing of the user authentication comprises:
    - transmitting an authentication request from the second ID-federation service provider to the first ID-federation service provider;
      
      performing mutual authentication between the first and second ID-federation service providers using the mutual authentication information issued from the trusted third party;
      
      the first ID-federation service provider providing a login window to the user and generating federated authentication information by receiving an ID and password; and
      
      the second ID-federation service provider receiving the federated authentication information, confirming the federated authentication information, and updating a multiple domain ID management list thereof.
  - 4. The method of claim 3, wherein the providing of the corresponding Web service comprises:
    - transmitting the federated authentication information from the second ID-federation service provider to the second Web service provider; and
      
      the Web service provider receiving the federated authentication information, confirming that the user is an authenticated user, and providing the corresponding Web service to the user.
  - 5. The method of claim 3, wherein the mutual authentication is performed using authentication schemes including a challenge-response scheme and a Diffie-Hellman scheme.
  - 6. The method of claim 3, wherein the federated authentication information is encrypted with a predetermined session key by the first ID-federation service provider, and the encrypted federated authentication information is decrypted with the session key by the second ID-federation service provider.
  - 7. The method of claim 6, wherein the session key is shared by the first and second ID-federation service providers through the mutual authentication between the first and second ID-federation service providers.
  - 8. The method of claim 1, wherein the providing of the corresponding Web service comprises:
    - transmitting a single logout request from the user to the Web service provider;
      
      transmitting a logout request from the Web service provider to the second ID-federation service provider;
      
      transmitting a logout request from the second ID-federation service provider to the first ID-federation service provider;
      
      the first ID-federation service provider completing a user logout and transmitting a logout confirmation message to the second ID-federation service provider; and
      
      the second ID-federation service provider performing a logout to transmit the corresponding information to the Web service provider, and the Web service provider completing a user logout to transmit a logout confirmation message to the user.

9. A method for providing a Single Sign-On (SSO) service enabling the use of Web services in different trusted domains through a one-time authentication process, the method comprising:
- a user registering a real-name user ID in an ID-federation service provider;
  
  the ID-federation service provider issuing an anonymous user ID corresponding to the real-name user ID;
  
  setting one or more Web service providers in the trusted domain as a federated Web service provider at the request of the user; and
  
  the user connecting to the federated Web service provider through the anonymous user ID at the request for connection to the federated Web service provider.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, wherein the setting of the one or more Web service providers as the federated Web service provider comprises:
    - the ID-federation service provider receiving information of a Web service provider to be federated from the user;
      
      transmitting an ID federation request to the Web service provider;
      
      receiving an ID federation confirmation message from the Web service provider;
      
      generating and transmitting federated authentication information to the Web service provider upon receipt of the ID federation confirmation message; and
      
      the Web service provider receiving the federated authentication information and completing user authentication using the received federated authentication information.
  - 11. The method of claim 9, further comprising:
    - the user transmitting an ID federation release request to the ID-federation service provider;
      
      the ID-federation service provider relaying the ID federation release request to the Web service provider; and
      
      the Web service provider releasing the ID federation and transmitting an ID federation release confirmation message to the ID-federation service provider and the user.

12. A system for providing a Single Sign-On (SSO) service enabling the use of Web services in first and second trusted domains through a one-time authentication process, the system comprising:
- a first ID-federation service provider for managing a plurality of first Web service providers in the first trusted domain;
  
  a second ID-federation service provider for managing a plurality of second Web service providers in the second trusted domain; and
  
  a trusted third party for issuing authentication information for authentication of the first and second ID-federation service providers,wherein when a service provision request is transmitted from a user terminal in the first trusted domain to the second Web service provider in the second trusted domain, the first and second ID-federation service providers perform mutual authentication by using the authentication information and perform a user authentication process by sharing federated authentication information generated by the first ID-federation service provider.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the second ID-federation service provider receives an authentication request from the second Web service provider, confirms the first ID-federation service provider from the user, and transmits a user authentication request to the first ID-federation service provider.
  - 14. The system of claim 13, wherein the first ID-federation service provider authenticates the user in response to the user authentication request, generates federated authentication information, and transmits the federated authentication information to the second ID-federation service provider.
  - 15. The system of claim 14, wherein the second Web service provider receives the federated authentication information from the second ID-federation service provider, performing the user authentication by using the federated authentication information, and provides a corresponding Web service.
  - 16. The system of claim 12, wherein the first and the second ID-federation service provider issues an anonymous user ID corresponding to a registered real-name ID of a user in the first/second trusted domain.
  - 17. The system of claim 12, wherein the first and second ID-federation service providers share a session key generated through the mutual authentication, and encrypt or decrypt the federated authentication information with the session key.
  - 18. The system of claim 12, wherein the first or second ID-federation service provider includes a multiple domain ID management table for managing the anonymous IDs of users in other trusted domains.
  - 19. The system of claim 12, wherein the federated authentication information is generated using pre-registered authentication information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
PARK, So-Hee, LIM, Jae-Deok, CHOI, Byeong-Cheol, KIM, Jeong-Nyeo

Application Number

US12/182,536
Publication Number

US 20090119763A1
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 9/321   involving a third party or ...

H04L 9/3273   for mutual authentication n...

METHOD AND SYSTEM FOR PROVIDING SINGLE SIGN-ON SERVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR PROVIDING SINGLE SIGN-ON SERVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links