SYSTEMS AND METHODS FOR SYSTEM LOGIN AND SINGLE SIGN-ON

US 20120023565A1
Filed: 04/28/2011
Published: 01/26/2012
Est. Priority Date: 04/28/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving at a first application of a first system a request to access a protected application of a second system;

generating in response to the request an assertion that asserts an identity in the first system of a user generating the request;

validating the assertion and extracting first account information corresponding to the assertion, wherein the first account information is information of a first account of the user in the first system;

determining second account information that is information of a second account of the user in the second system; and

generating a mapping between the first account and the second account using the first account information and the second account information.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for system login and single sign-on are described. A first application of a first system receives a request to access a protected application of a second system. An assertion is generated in response to the request. The assertion asserts an identity in the first system of a user generating the request. The assertion is validated and first account information corresponding to the assertion is extracted. The first account information is information of a first account of the user in the first system. Second account information is determined that is information of a second account of the user in the second system. A mapping is generated between the first account and the second account using the first account information and the second account information. The mapping is used to provide access to the protected application by the requestor.

Citations

44 Claims

1. A method comprising:
- receiving at a first application of a first system a request to access a protected application of a second system;
  
  generating in response to the request an assertion that asserts an identity in the first system of a user generating the request;
  
  validating the assertion and extracting first account information corresponding to the assertion, wherein the first account information is information of a first account of the user in the first system;
  
  determining second account information that is information of a second account of the user in the second system; and
  
  generating a mapping between the first account and the second account using the first account information and the second account information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, comprising providing access to the protected application by the user via the mapping.
  - 3. The method of claim 1, wherein the second system is remote to the first system.
  - 4. The method of claim 1, wherein the generating of the assertion is performed at the first system.
  - 5. The method of claim 1, wherein the generating of the assertion uses security assertion markup language.
  - 6. The method of claim 1, comprising generating a query string parameter in response to the request, wherein the query string parameter includes the assertion.
  - 7. The method of claim 6, comprising generating the query string parameter to include a uniform resource locator corresponding to an electronic location of the protected application.
  - 8. The method of claim 7, comprising, following the mapping, redirecting the user to the protected application using the uniform resource locator.
  - 9. The method of claim 6, comprising generating the query string parameter at the first system and propagating the query string parameter to the second system.
  - 10. The method of claim 1, wherein the validating is performed at the second system using a key provided by the first system.
  - 11. The method of claim 1, wherein the determining the second account information comprises, in response to the first account information, generating a prompt for the second account information.
  - 12. The method of claim 1, wherein the generating the mapping comprises generating the mapping in response to receipt of the second account information.
  - 13. The method of claim 1, comprising authenticating the second account information prior to the generating of the mapping.
  - 14. The method of claim 13, comprising determining that the second account information is associated with a plurality of organizations and prompting the user to select an organization of the plurality of organizations.
  - 15. The method of claim 14, comprising generating the mapping to include the organization selected.
  - 16. The method of claim 1, wherein the mapping comprises generating a logical link between the first account information and the second account information.
  - 17. The method of claim 1, comprising storing the mapping in the second system.
  - 18. The method of claim 1, wherein the first account information comprises an account name of the first account in the first system.
  - 19. The method of claim 1, wherein the second account information comprises an account name of the second account in the second system.
  - 20. The method of claim 19, wherein the second account information comprises a password corresponding to the second account.
  - 21. The method of claim 20, comprising authenticating the password prior to the generating of the mapping.

22. A method comprising:
- receiving at a first application of a first system a request to access a protected application of a second system;
  
  generating an assertion in response to the request, wherein the assertion asserts an identity in the first system of a user generating the request;
  
  validating the assertion and extracting first account information corresponding to the assertion, wherein the first account information is information of a first account of the user in the first system;
  
  in response to the first account information, generating a prompt for second account information that is information of a second account of the user in the second system; and
  
  generating a mapping between the first account and the second account in response to receipt of the second account information, wherein the mapping uses the first account information and the second account information.

23. A method comprising:
- receiving at a partner system a request to access a protected application of a host system, wherein the partner system is remote to the host system;
  
  generating a query string parameter in response to the request, wherein the query string parameter includes an assertion of an identity in the partner system of a user generating the request;
  
  propagating the query string parameter to an access application and validating the assertion using a key provided by the partner system;
  
  extracting first account information corresponding to the assertion, wherein the first account information is information of a partner system account corresponding to the user;
  
  generating a prompt for second account information that is information of a host system account corresponding to the user;
  
  generating a logical link between the first account information and the second account information in response to receipt of the second account information; and
  
  providing access to the protected application by the user via the logical link.

24. A method comprising:
- receiving at a first application of a first system a request to access a protected application of a second system;
  
  generating an assertion in response to the request, wherein the assertion asserts an identity in the first system of a user generating the request;
  
  validating the assertion and extracting first account information corresponding to the assertion, wherein the first account information is information of a first account of the user in the first system;
  
  in response to the first account information, generating a prompt for second account information that is information of a second account of the user in the second system;
  
  receiving the second account information and determining that the second account information is associated with a plurality of organizations;
  
  determining an organization of the plurality of organizations with which the user is affiliated for purposes of the request; and
  
  generating a mapping between the first account and the second account in response to receipt of the second account information, wherein the mapping uses the first account information and the second account information and includes the organization.

25. A system comprising a first application of a first system coupled to a second application of a second system, wherein the first application receives a request for access to the second application and in response generates an assertion that asserts an identity in the first system of a user corresponding to the request, wherein an access application coupled to the first application and the second application receives and validates the assertion and extracts first account information corresponding to the assertion, wherein the first account information is information of a first account of the user in the first system, wherein the access application determines second account information that is information of a second account of the user in the host system, wherein the access application generates a mapping between the first account and the second account using the first account information and the second account information.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 26. The system of claim 25, wherein the access application provides access to the second application by the user via the mapping.
  - 27. The system of claim 25, wherein the second system is remote to the first system.
  - 28. The system of claim 25, wherein the first application generates the assertion using security assertion markup language.
  - 29. The system of claim 25, wherein, in response to the request, the first application generates a query string parameter that includes the assertion.
  - 30. The system of claim 29, wherein the query string parameter includes a uniform resource locator corresponding to an electronic location of the second application.
  - 31. The system of claim 30, wherein the access application, following the mapping, redirects the user to the second application using the uniform resource locator.
  - 32. The system of claim 25, wherein the access application validates the assertion using a key provided by the first system.
  - 33. The system of claim 25, wherein, in response to the first account information, the access application determines the second account information by generating a prompt for the second account information.
  - 34. The system of claim 25, wherein the access application generates the mapping in response to receipt of the second account information.
  - 35. The system of claim 25, wherein the access application authenticates the second account information prior to the generating of the mapping.
  - 36. The system of claim 35, wherein the access application determines that the second account information is associated with a plurality of organizations and prompts the user to select an organization of the plurality of organizations.
  - 37. The system of claim 36, wherein the access application generates the mapping to include the organization selected.
  - 38. The system of claim 25, wherein the access application generates the mapping by generating a logical link between the first account information and the second account information.
  - 39. The system of claim 25, wherein the mapping is stored.
  - 40. The system of claim 25, wherein the first account information comprises an account name of the first account in the first system.
  - 41. The system of claim 25, wherein the second account information comprises an account name of the second account in the second system.
  - 42. The system of claim 41, wherein the second account information comprises a password corresponding to the second account.
  - 43. The system of claim 42, wherein the access application authenticates the password prior to the generating of the mapping.

44. A system comprising a processor running an access application that receives an assertion from a first system, wherein the assertion is generated in response to a request to access a protected component of a second system, wherein the assertion asserts an identity in the first system of a user corresponding to the request, wherein the access application validates the assertion and extracts first account information corresponding to the assertion, wherein the first account information is information of a first account of the user in the first system, wherein the access application determines second account information that is information of a second account of the user in the second system, wherein the application generates a mapping between the first account and the second account using the first account information and the second account information and provides access to the protected component via the mapping.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OPENLANE, Inc.
Original Assignee
OPENLANE, Inc.
Inventors
TUMANYAN, Hovhannes

Granted Patent

US 9,189,615 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 2221/2103   Challenge-response

G06F 2221/2117   User registration

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

SYSTEMS AND METHODS FOR SYSTEM LOGIN AND SINGLE SIGN-ON

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR SYSTEM LOGIN AND SINGLE SIGN-ON

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links