Authentication
First Claim
1. In a home server of an organisation, a method for obtaining access for a user to an external service in a networked environment wherein the user has access to a client that is capable of communicating with the home server and with a foreign server, the foreign server being capable of granting access to the external service, the method comprising:
detecting a request of the client;
maintaining a shared secret common to the organisation and the external service;
identifying in the request a pointer to an authentication script;
responsive to the request, performing by the authentication script;
obtaining at least one detail related to the user;
passing the at least one detail and the shared secret or a derivative of the shared secret to the foreign server;
receiving from the foreign server access data that enables the client to access the external service; and
passing the access data to the client.
Abstract
User authentication is based on a home network user database that authenticates users to external service providers. A user logs into the home network and starts accessing the external service by clicking on a link labelled for the external service provider. The link is directed to a script at a home server. The script causes the home server to obtain details related to the user from the home network user database. The home server passes information related to the user to a foreign server associated with the service provider. Based on the passed information, the foreign server grants or denies authentication of the user to the external service. If access is granted, the foreign server provides the home server with access data, and the home server forwards the access data to the user so that the user can initialise an authorised external service session using the access data.
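The exchange the abstract describes, as an added example (not text or code from the patent): the home server sends the user detail together with a keyed derivative of the shared secret rather than the secret itself, and the foreign server determines the organisation by which registered secret verifies that derivative before issuing access data. The secret values, the HMAC-SHA256 construction, the clock-skew and replay checks and the token format are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample registry on the foreign server: one shared secret per
# organisation (values are made up for this example).
ORG_SECRETS = {
    "org-a.example": b"constructed-secret-for-org-a",
    "org-b.example": b"constructed-secret-for-org-b",
}
ACCESS_TTL = 600  # seconds the issued access data stays valid (assumed)


def _signed_message(user, nonce, ts):
    """Canonical bytes covered by the HMAC; both sides must build it identically."""
    return json.dumps({"user": user, "nonce": nonce, "ts": ts}, sort_keys=True).encode()


def home_server_request(shared_secret, user_detail, now=None):
    """Home server: pass the user detail plus a *derivative* of the shared secret
    (HMAC-SHA256 over detail, nonce and timestamp), never the secret itself."""
    nonce, ts = secrets.token_hex(8), int(time.time() if now is None else now)
    tag = hmac.new(shared_secret, _signed_message(user_detail, nonce, ts), hashlib.sha256).hexdigest()
    return {"user": user_detail, "nonce": nonce, "ts": ts, "tag": tag}


def foreign_server_authenticate(req, org_secrets=ORG_SECRETS, now=None, max_skew=300, seen_nonces=None):
    """Foreign server: determine the organisation from the derivative by checking it
    against every registered secret, reject stale or replayed requests, then issue
    access data. Returns None on a negative determination."""
    now = time.time() if now is None else now
    if abs(now - req["ts"]) > max_skew:          # stale or far-future timestamp
        return None
    msg = _signed_message(req["user"], req["nonce"], req["ts"])
    matched_org = None
    for org, secret in org_secrets.items():      # no early exit: uniform timing
        expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, req["tag"]):
            matched_org = org
    if matched_org is None:
        return None
    if seen_nonces is not None:                  # replay protection inside the skew window
        if req["nonce"] in seen_nonces:
            return None
        seen_nonces.add(req["nonce"])
    # Access data: an opaque, short-lived token bound to organisation and user;
    # the home server forwards this to the client unchanged.
    return {"org": matched_org, "user": req["user"],
            "access_token": secrets.token_urlsafe(16), "expires": int(now) + ACCESS_TTL}
```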
25 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6.
7. A home server for obtaining access for a user to an external service in a networked environment wherein the user has access to a client that is capable of communicating with the home server and with a foreign server, the foreign server being capable of granting access to the external service, the home server comprising:
means for detecting a request of the client;
a memory for storing a shared secret common to the organisation and the external service;
a processor configured to identify in the request a pointer to an authentication script and, responsive to the request, to perform by the script;
obtaining at least one detail related to the user;
passing the at least one detail and the shared secret or a derivative of the shared secret to the foreign server;
receiving from the foreign server access data that enables the client to access the external service; and
passing the access data to the client.
Dependent claims: 8, 9, 10, 11.
12. In a foreign server, a method for providing access for a user to an external service in a networked environment wherein the user has access to a client that is capable of communicating with a home server and with the foreign server, wherein the home server is associated with a given organisation, the method comprising:
receiving from the home server a) a shared secret common to the organisation and the external service or a derivative of the shared secret and b) at least one detail related to the user;
determining the organisation associated with the home server, based on the shared secret; and
responsively to a positive determination, providing the home server with access data that enables the client to access the external service.
Dependent claims: 13, 14, 15, 16, 17.
18. A foreign server for providing access for a user to an external service in a networked environment wherein the user has access to a client that is capable of communicating with a home server and with the foreign server, wherein the home server is associated with a given organisation, the foreign server comprising:
means for receiving from the home server a) a shared secret common to the organisation and the external service or a derivative of the shared secret and b) at least one detail related to the user;
means for determining the organisation associated with the home server, based on the shared secret; and
means for providing the home server with access data that enables the client to access the external service, responsively to a positive determination.
Dependent claims: 19, 20, 21, 22, 23.
24. A computer program comprising computer executable program code stored in a computer readable medium, the program being configured to control a home server of an organisation to obtain access for a user to an external service in a networked environment wherein the user has access to a client that is capable of communicating with the home server and with a foreign server, the foreign server being capable of granting access to the external service, the computer program comprising computer program code configured when run by the home server to:
detect a request of the client;
maintain a shared secret common to the organisation and the external service;
identify in the request a pointer to an authentication script;
responsive to the request, perform by the authentication script;
obtain at least one detail related to the user;
pass the at least one detail and the shared secret or a derivative of the shared secret to the foreign server;
receive from the foreign server access data that enables the client to access the external service; and
pass the access data to the client.
25. A computer program comprising computer executable program code stored in a computer readable medium, the program being configured to control a foreign server to provide access for a user to an external service in a networked environment wherein the user has access to a client that is capable of communicating with a home server and with the foreign server, wherein the home server is associated with a given organisation, the computer program comprising computer program code configured when run by the foreign server to:
receive from the home server a) a shared secret common to the organisation and the external service or a derivative of the shared secret and b) at least one detail related to the user;
determine the organisation associated with the home server, based on the shared secret; and
responsively to a positive determination, provide the home server with access data that enables the client to access the external service.