SINGLE SIGN ON WITH MULTIPLE AUTHENTICATION FACTORS

US 20110119747A1
Filed: 11/17/2010
Published: 05/19/2011
Est. Priority Date: 11/17/2009
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a client to multiple server resources each with a standalone authentication system, the method comprising:

initiating a login session with the authentication system of a primary one of the multiple server resources;

transmitting a first set of login credentials from the client to the authentication system of the primary one of the multiple server resources;

validating the client to the primary one of the multiple server resources based upon the first set of login credentials;

storing on the client a token received from the authentication system of the primary one of the multiple resources;

transmitting the token and a second set of login credentials different from the first set of login credentials to a secondary one of the multiple server resources, the second set of login credentials being retrieved from the client; and

validating the client to the authentication system of the secondary one of the multiple server resources based upon the transmitted token and the second set of login credentials.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The authentication of a client to multiple server resources with a single sign-on procedure using multiple factors is disclosed. One contemplated embodiment is a method in which a login session is initiated with the authentication system of a primary one of the multiple server resources. A first set of login credentials is transmitted thereto, and validated. A token is stored on the client indicating that the initial authentication was successful, which is then used to transition to a secondary one of the multiple resources. A second set of login credentials is also transmitted, and access to the secondary one of the multiple resources is granted on the basis of a validated token and second set of login credentials.

109 Citations

View as Search Results

19 Claims

1. A method for authenticating a client to multiple server resources each with a standalone authentication system, the method comprising:
- initiating a login session with the authentication system of a primary one of the multiple server resources;
  
  transmitting a first set of login credentials from the client to the authentication system of the primary one of the multiple server resources;
  
  validating the client to the primary one of the multiple server resources based upon the first set of login credentials;
  
  storing on the client a token received from the authentication system of the primary one of the multiple resources;
  
  transmitting the token and a second set of login credentials different from the first set of login credentials to a secondary one of the multiple server resources, the second set of login credentials being retrieved from the client; and
  
  validating the client to the authentication system of the secondary one of the multiple server resources based upon the transmitted token and the second set of login credentials.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the token is selected from a group consisting of:
    - a browser cookie, a stay resident variable, and an application flag.
  - 3. The method of claim 1, wherein the token includes an account identifier associated with a user account on the primary one and the secondary one of the multiple server resources.
  - 4. The method of claim 1, wherein the second set of login credentials is a digital certificate.
  - 5. The method of claim 4, wherein the digital certificate is stored on the client.
  - 6. The method of claim 4, wherein the digital certificate is stored on an external hardware device readable by the client.
  - 7. The method of claim 4, wherein the digital certificate is associated with a complementary client application of the authentication system of the secondary one of the multiple server resources.
  - 8. The method of claim 4, wherein the digital certificate is associated with a client application independent of the authentication system of the secondary one of the multiple server resources.
  - 9. The method of claim 1, further comprising:
    - transmitting the second set of login credentials from the client to the authentication system of the primary one of the multiple server resources;
      
      wherein the step of validating the client to the primary one of the multiple server resources is further based upon the second set of login credentials.

10. A method for authenticating a client to multiple server resources each with a standalone authentication system, comprising;
- receiving a first set of login credentials from the client to the authentication system of a primary one of the multiple server resources;
  
  validating the client to the primary one of the multiple server resources based upon the first set of login credentials;
  
  transmitting to the client a token generated by the authentication system of the primary one of the multiple resources in response to a successful validation of the first set of login credentials;
  
  receiving on a secondary one of the multiple server resources the token and a second set of login credentials different from the first set of login credentials, the second set of login credentials being retrieved from the client; and
  
  validating the client to the authentication system of the secondary one of the multiple server resources based upon the received token and the second set of login credentials.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein the token is selected from a group consisting of:
    - a browser cookie, a stay resident variable, and an application flag.
  - 12. The method of claim 10, wherein the token includes an account identifier associated with a user account on the primary one and the secondary one of the multiple server resources.
  - 13. The method of claim 10, wherein the second set of login credentials is a digital certificate.
  - 14. The method of claim 13, wherein the digital certificate is stored on the client.
  - 15. The method of claim 13, wherein the digital certificate is stored on an external hardware device readable by the client.
  - 16. The method of claim 13, wherein the digital certificate is associated with a complementary client application of the authentication system of the secondary one of the multiple server resources.
  - 17. The method of claim 13, wherein the digital certificate is associated with a client application independent of the authentication system of the secondary one of the multiple server resources.
  - 18. The method of claim 10, further comprising:
    - receiving the second set of login credentials on the primary one of the multiple server resources;
      
      wherein;
      
      the step of validating the client to the primary one of the multiple server resources is further based upon the second set of login credentials; and
      
      the step of transmitting the token is in response to a successful validation of the second set of login credentials.

19. An article of manufacture comprising a program storage medium readable by a computer, the medium tangibly embodying one or more programs of instructions executable by the computer to perform a method for authenticating a client to multiple server resources each with a standalone authentication system, the method comprising;
- receiving a first set of login credentials from the client to the authentication system of a primary one of the multiple server resources;
  
  validating the client to the primary one of the multiple server resources based upon the first set of login credentials;
  
  transmitting to the client a token generated by the authentication system of the primary one of the multiple resources;
  
  receiving on a secondary one of the multiple server resources the token and a second set of login credentials different from the first set of login credentials, the second set of login credentials being retrieved from the client; and
  
  validating the client to the authentication system of the secondary one of the multiple server resources based upon the received token and the second set of login credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureAuth Incorporated
Original Assignee
SecureAuth Incorporated
Inventors
LAMBIASE, MARK

Granted Patent

US 8,613,067 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/41   where a single sign-on prov...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2151   Time stamp

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

SINGLE SIGN ON WITH MULTIPLE AUTHENTICATION FACTORS

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

SINGLE SIGN ON WITH MULTIPLE AUTHENTICATION FACTORS

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links