SYSTEM AND METHOD FOR PROVIDING SILENT SIGN ON ACROSS DISTRIBUTED APPLICATIONS

US 20100146613A1
Filed: 02/12/2010
Published: 06/10/2010
Est. Priority Date: 11/16/2004
Status: Active Grant

First Claim

Patent Images

1-15. -15. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is provided for a distributed computing system where a user can login to a client computer and access a number of different applications installed on web servers. These applications are then provided access to data in mainframe systems without a user having to enter mainframe user id or password information for gaining access to the mainframe system. The system and method can utilize a sign on object which is installed onto the client computer. The sign on object operates to obtain and transmit a security token which authorizes access to the mainframe system, and the security token does not require the use of the cookie data. This system and method can pass the security token through the web server and the web application in an encrypted form which limits security risks.

Citations

35 Claims

1-15. -15. (canceled)

16. In a distributed computing system a method of providing a user with access to data stored on a mainframe computer system, the method including:
- receiving a user login by a client computer;
  
  receiving a selection of an application from a browser operating on the client computer, the application residing on a server computer;
  
  receiving, with an automatic sign on procedure module loaded on the client computer, a sign on procedure signal;
  
  obtaining a security token using the automatic sign on procedure module; and
  
  accessing data stored on the mainframe computer system with the client computer through the selected application utilizing the security token.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The method of claim 16, wherein the automatic sign on procedure module is a browser helper object on the client computer.
  - 18. The method of claim 17, further including:
    - generating a trusted site table by the client computer;
      
      using the browser helper object on the client computer to determine if the selected application is in the trusted site table.
  - 19. The method of claim 17, further including:
    - using the browser helper object on the client computer to transmit a client computer user identifier to an authentication server;
      
      receiving, by the client computer, a mainframe user identifier correlated to the client computer user identifier.
  - 20. The method of claim 19, further including:
    - transmitting the security token, by the client computer, through the browser helper object.
  - 21. The method of claim 20, further including:
    - generating the security token in the authentication server;
      
      encrypting the security token in the authentication server prior to transmitting the security token from the authentication server.
  - 22. The method of claim 18, further including:
    - storing trusted site information in the mainframe computer system;
      
      wherein generating the trusted site table on the client computer includes receiving, by the client computer, the stored trusted site information from the mainframe computer system.
  - 23. The method of claim 16, wherein the security token includes a mainframe user identifier for the mainframe computer system corresponding to the user logged onto the client computer.

24. A distributed system for providing a user with access to an application which utilizes information stored in a mainframe computer system, the distributed system including:
- a client computer coupled to a network, wherein a client computer processor of the client computer is programmed to provide web browser functions, and the client computer processor is also programmed to use a sign on module to obtain a security token to gain access to restricted data in the mainframe computer system;
  
  wherein the restricted data in the mainframe computer system is stored in a database in the mainframe computer system, the mainframe computer system being coupled to the network; and
  
  wherein a server coupled to the network is programmed to execute an application in response to a user selecting the application with the web browser, and the server transmits a signal to the client computer which causes the sign on module to obtain the security token for gaining access to the restricted data in the mainframe computer system.
- View Dependent Claims (25, 26, 28, 29)
- - 25. The distributed system of claim 24, further including:
    - an authentication server coupled to the network and programmed to transmit the security token to the client computer in response to a signal received from the sign on module.
  - 26. The distributed system of claim 24 further including:
    - a middleware computer coupled to the network and programmed to receive and process the security token to establish communications between the selected application and the mainframe computer system.
  - 28. The distributed system of claim 24, wherein the client computer processor is programmed with a browser application, and the sign on module is a browser helper object which provides the browser application with sign on functions.
  - 29. The distributed system of claim 24, wherein:
    - the client computer includes a table of trusted site information, the table of trusted site information being received from the mainframe computer system; and
      
      wherein the client computer operates to receive the trusted site information from the mainframe computer system, and verifies that the user selected application is identified as an application having access to restricted data in the mainframe computer system, prior to obtaining the security token.

27. The distributed system of 25, wherein the authentication server operates to generate the security token, and the security token includes a mainframe user identifier for the mainframe computer system for a user logged onto the client computer.

30. A non-transitory tangible computer readable medium containing computer instructions that when executed by a computer processor on a client computer cause the computer processor to execute steps comprising:
- receiving a user login by the client computer;
  
  receiving, by the client computer, a selection of an application residing on a server computer from a browser on the client computer;
  
  receiving, with an automatic sign on procedure module running on the client computer, a sign on procedure signal;
  
  obtaining a security token using the automatic sign on procedure module; and
  
  accessing data stored on the mainframe computer system with the client computer through the selected application utilizing the security token.
- View Dependent Claims (31, 32, 33, 34, 35)
- - 31. The non-transitory tangible computer readable medium of claim 30, wherein the automatic sign on procedure module is a browser helper object on the client computer, wherein the browser helper object comprises a Dynamic Linked Library.
  - 32. The non-transitory tangible computer readable medium of claim 30 wherein the automatic sign on procedure module receives a setting to lock the client computer after a period of inactivity defined by the setting.
  - 33. The non-transitory tangible computer readable medium of claim 30 wherein the security token is encrypted, wherein the security token can not be decrypted by the server.
  - 34. The non-transitory tangible computer readable medium of claim 30 wherein the security token includes a user identifier for the mainframe computer system and an IP address of the client computer.
  - 35. The non-transitory tangible computer readable medium of claim 30 further including instructions for prompting the user to enter a mainframe user identifier and password if the automatic sign on procedure module fails to obtain the security token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Charles Schwab & Company Incorporated (Charles Schwab Corporation)
Original Assignee
Charles Schwab & Company Incorporated (Charles Schwab Corporation)
Inventors
Kakarla, Janardhan, Brietzke, Michael B., Hall, Ian G.

Granted Patent

US 8,701,173 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 63/0807 using tickets, e.g. Kerbero...

H04L 63/0815 providing single-sign-on or...

SYSTEM AND METHOD FOR PROVIDING SILENT SIGN ON ACROSS DISTRIBUTED APPLICATIONS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR PROVIDING SILENT SIGN ON ACROSS DISTRIBUTED APPLICATIONS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links