METHOD AND SYSTEM FOR ESTABLISHING AND MAINTAINING AN IMPROVED SINGLE SIGN-ON (SSO) FACILITY

US 20120167193A1
Filed: 07/16/2010
Published: 06/28/2012
Est. Priority Date: 08/27/2009
Status: Active Grant

First Claim

Patent Images

1. A method for establishing and maintaining a Single Sign-on between a reverse proxy and a back-end server, comprising:

instigating an authentication process through a browser in order for a user to obtain access to the back-end server;

intercepting a login page from the back-end server at the reverse proxy and adding a routine thereto, thereby loading an asynchronous engine on the browser executing a login process with an authentication profiling service, in order to retrieve the login information for the back-end server;

completing the authentication process with the back-end to allow the user access the back-end server through the asynchronous engine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for establishing and maintaining a Single Sign-on between a reverse proxy and a back-end server can include instigating an authentication process through a browser for a user to obtain access to the back-end server, intercepting a login page from the back-end server at the reverse proxy and adding a routine thereto, thereby loading an asynchronous engine on the browser executing a login process with an authentication profiling service, in order to retrieve the login information for the back-end server, and completing the authentication process with the back-end to allow the user access the back-end server through the asynchronous engine.

Citations

28 Claims

1. A method for establishing and maintaining a Single Sign-on between a reverse proxy and a back-end server, comprising:
- instigating an authentication process through a browser in order for a user to obtain access to the back-end server;
  
  intercepting a login page from the back-end server at the reverse proxy and adding a routine thereto, thereby loading an asynchronous engine on the browser executing a login process with an authentication profiling service, in order to retrieve the login information for the back-end server;
  
  completing the authentication process with the back-end to allow the user access the back-end server through the asynchronous engine.
- View Dependent Claims (2, 3, 4, 5, 6, 10, 11)
- - 2. The method of claim 1 wherein the asynchronous engine is an AJAX engine.
  - 3. The method of claim 1, further comprising storing a user ID and a password in respect of one or more servers in the authentication profiling service.
  - 4. The method of claim 1, further comprising using the authentication profiling service for storing all user IDs and passwords for a user to enable connection to any server.
  - 5. The method of claim 1, further comprising:
    - responsive to a user request, the asynchronous engine updating a user password on the back-end server.
  - 6. The method of claim 5, further comprising synchronizing the password change for each server where the original password is in common.
  - 10. The method of claim 1 wherein the routine is written in a language understandable by the browser.
  - 11. The method of claim 1 wherein the routine is written in Javascript.

7. A method for creating an account for a Single Sign-on between a reverse proxy and a back-end server, comprising:
- instigating an account request through a browser in order for a user to obtain access to the back-end server;
  
  intercepting a request for information from the back-end server at the reverse proxy and adding a routine thereto, thereby loading an AJAX engine between the browser and the reverse proxy executing an account creation process with an authentication profiling service by means of the AJAX engine, in order to retrieve the account information for the back-end server;
  
  sending the account information to the back-end server for completion of an account creation;
  
  completing an authentication process to allow the user access to the back-end server through the AJAX engine.

8. A method for changing a password in a Single Sign-on between a reverse proxy and a back-end server, comprising:
- instigating a change password process through a browser in order for a user to obtain access to the back-end server with a new password;
  
  intercepting a login page from the back-end server at the reverse proxy and adding a routine thereto, thereby loading an AJAX engine between the browser and the reverse proxy executing a change password process with an authentication profiling service using the AJAX engine, in order to retrieve the login information with a new password for the back-end server;
  
  sending the login information and new password to the back-end server for registration thereof;
  
  completing an authentication process to allow the user access to the back-end server through the AJAX engine with the new password.
- View Dependent Claims (9)
- - 9. The method of claim 8, further comprising synchronizing the change password with any other server which has the same original password.

12-14. -14. (canceled)

15. A system comprising:
- a data processing system configured to perform executable operations comprising;
  
  instigating an authentication process through a browser in order for a user to obtain access to the back-end server;
  
  intercepting a login page from the back-end server at the reverse proxy and adding a routine thereto, thereby loading an asynchronous engine on the browser executing a login process with an authentication profiling service, in order to retrieve the login information for the back-end server;
  
  completing the authentication process with the back-end to allow the user access the back-end server through the asynchronous engine.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15 wherein the asynchronous engine is an AJAX engine.
  - 17. The system of claim 15 wherein the data processing system is further configured to perform an executable operation comprising:
    - storing a user ID and a password in respect of one or more servers in the authentication profiling service.
  - 18. The system of claim 15 wherein the data processing system is further configured to perform an executable operation comprising:
    - using the authentication profiling service for storing all user IDs and passwords for a user to enable connection to any server.
  - 19. The system of claim 15 wherein responsive to a user request, the asynchronous engine updates a user password on the back-end server.
  - 20. The system of claim 15 wherein the data processing system is further configured to perform an executable operation comprising:
    - synchronizing the password change for each server where the original password is in common.
  - 21. The system of claim 15 wherein the routine is written in a language understandable by the browser.

22. A computer program product, comprising:
- a computer readable storage medium having stored thereon program code that, when executed, configures a data processing system to perform executable operations comprising;
  
  instigating an authentication process through a browser in order for a user to obtain access to the back-end server;
  
  intercepting a login page from the back-end server at the reverse proxy and adding a routine thereto, thereby loading an asynchronous engine on the browser executing a login process with an authentication profiling service, in order to retrieve the login information for the back-end server;
  
  completing the authentication process with the back-end to allow the user access the back-end server through the asynchronous engine.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The computer program product of claim 22 wherein the asynchronous engine is an AJAX engine.
  - 24. The computer program product of claim 22 wherein the computer readable storage medium further stores program code that configures the data processing system to perform an executable operation comprising:
    - storing a user ID and a password in respect of one or more servers in the authentication profiling service.
  - 25. The computer program product of claim 22 wherein the computer readable storage medium further stores program code that configures the data processing system to perform an executable operation comprising:
    - using the authentication profiling service for storing all user IDs and passwords for a user to enable connection to any server.
  - 26. The computer program product of claim 22 wherein responsive to a user request, the asynchronous engine updates a user password on the back-end server.
  - 27. The computer program product of claim 22 wherein the computer readable storage medium further stores program code that configures the data processing system to perform an executable operation comprising:
    - synchronizing the password change for each server where the original password is in common.
  - 28. The computer program product of claim 22 wherein the routine is written in a language understandable by the browser.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Gargaro, Gianluca, Trinchini, Patrizio, Ruggiero, Gaetano

Granted Patent

US 8,763,104 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0281   Proxies

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0846   using time-dependent-passwo...

H04L 63/0884   by delegation of authentica...

H04L 63/102   Entity profiles

H04L 67/02   based on web technology, e....

METHOD AND SYSTEM FOR ESTABLISHING AND MAINTAINING AN IMPROVED SINGLE SIGN-ON (SSO) FACILITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR ESTABLISHING AND MAINTAINING AN IMPROVED SINGLE SIGN-ON (SSO) FACILITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links