SYSTEM AND METHOD FOR ACCESSING INTEGRATED APPLICATIONS IN A SINGLE SIGN-ON ENABLED ENTERPRISE SOLUTION

US 20130290719A1
Filed: 01/13/2011
Published: 10/31/2013
Est. Priority Date: 01/13/2011
Status: Active Grant

First Claim

Patent Images

1. A method for performing access management to facilitate a user to access one or more applications in a single sign-on enabled enterprise solution, the method comprising the steps of:

performing data transaction between a server and a client for authenticating the user, wherein the data transaction comprises;

transmitting a challenge token and a response token between the server and the client, wherein the challenge token and the response token comprises one-way hashed data; and

verifying the response token at the server and at the client using the one-way hashed data;

andperforming data transaction between the server and the client for authorizing the user to access one or more applications, wherein the data transaction comprises;

transmitting a request for service token between the server and the client, wherein the request for service token is encrypted at the client and decrypted at the server using a unique session key negotiated between the server and client;

transmitting a service token between the server and the client, wherein the service token is encrypted and decrypted at the server using a secret key to verify the service token; and

rendering the requested one or more applications on a user interface of the client based on the verification.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for performing access management to facilitate a user to access applications in a single sign-on enabled enterprise solution is provided. A challenge token and a response token are transmitted between a server and a client. The challenge token and response token comprises one-way hashed data. The response token is verified at the server and the client to authenticate the user. Further, a request for service token is transmitted between the server and the client. The request for service token is encrypted at the client and decrypted at the server using a unique session key negotiated between the server and client. A service token is generated and transmitted between the server and the client. The service token is encrypted and decrypted at the server using a secret key to verify the service token. Based on the verification, the requested applications are rendered on client based user interface.

41 Citations

View as Search Results

16 Claims

1. A method for performing access management to facilitate a user to access one or more applications in a single sign-on enabled enterprise solution, the method comprising the steps of:
- performing data transaction between a server and a client for authenticating the user, wherein the data transaction comprises;
  
  transmitting a challenge token and a response token between the server and the client, wherein the challenge token and the response token comprises one-way hashed data; and
  
  verifying the response token at the server and at the client using the one-way hashed data;
  
  andperforming data transaction between the server and the client for authorizing the user to access one or more applications, wherein the data transaction comprises;
  
  transmitting a request for service token between the server and the client, wherein the request for service token is encrypted at the client and decrypted at the server using a unique session key negotiated between the server and client;
  
  transmitting a service token between the server and the client, wherein the service token is encrypted and decrypted at the server using a secret key to verify the service token; and
  
  rendering the requested one or more applications on a user interface of the client based on the verification.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the step of performing data transaction between a server and a client for authenticating the user comprises the steps of:
    - receiving, at a client, a first challenge token from a server, wherein the first challenge token comprises a one-way hashed random number;
      
      receiving, at a server, a first response token from the client, wherein the first response token comprises a one-way hash of first challenge token and a one-way hashed password of the user;
      
      verifying, at the server, the first response token based on comparing the first response token with hash of the hashed first challenge token and a one-way hashed password;
      
      receiving, at the server, a second challenge token, wherein the second challenge token comprises a one-way hashed random number;
      
      receiving, at the client, a second response token, wherein the second response token comprises a one-way hashed second challenge token and a one-way hashed password of the user;
      
      verifying, at the client, the second response token based on comparing the second response token with hash of the hashed second challenge token and a one-way hashed password; and
      
      authenticating the user based on the verification.
  - 3. The method of claim 1 further comprising:
    - generating, at the server, a unique session identification associated with the user, wherein the unique session identification is a random number; and
      
      storing the unique session identification in a database.
  - 4. The method of claim 3 further comprising:
    - creating, at the server, the unique session key after authenticating the user, wherein the unique session key comprises at least one of;
      
      user identification, session identification and a timestamp;
      
      encrypting the unique session key using the one-way hashed password;
      
      receiving, at the client, the encrypted unique session key;
      
      decrypting the unique session key using the one-way hashed password; and
      
      storing the decrypted unique session key in a memory associated with the client.
  - 5. The method of claim 1, wherein the step of performing data transaction between the server and the client for authorizing the user to access the application comprises the steps of:
    - generating and encrypting, at the client, the request for service token, wherein the request for service token is encrypted using the unique session key, further wherein the request for service token represents request for accessing one or more applications;
      
      receiving and decrypting, at the server, the encrypted request for service token, wherein the encrypted request for service token is decrypted using the unique session key;
      
      generating and encrypting, at the server, a service token corresponding to the request for service token, wherein the service token is encrypted using the secret key, further wherein the service token comprises data for accessing the application;
      
      receiving, at the client, the encrypted service token;
      
      receiving, at an application server from the client, the encrypted service token, wherein the application server corresponds to the requested application;
      
      receiving, at the server, the encrypted service token from the application server;
      
      decrypting, at the server, the encrypted service token to verify the service token, wherein the encrypted service token is decrypted using the secret key; and
      
      rendering the requested one or more applications on a web-based user interface of the client based on the verification.
  - 6. The method of claim 1, wherein the request for service token comprises at least one of:
    - internet protocol address associated with a client and application name associated with the requested one or more applications.
  - 7. The method of claim 6, wherein the service token comprises at least one of:
    - internet protocol address associated with the client, user identification, session identification and a unique name associated with the requested one or more applications.

8. A system for performing access management to facilitate a user to access one or more applications in a single sign-on (SSO) enabled enterprise solution, the system comprising:
- an authentication and authorization module configured to enable the user to access one or more applications via a unified web-based user interface during a user'"'"'s login session, wherein the authentication is challenge-response based user authentication and authorization is token-based authorization;
  
  a feature switching module configured to facilitate the user to switch between one or more features provided in the web-based user interface during the user'"'"'s login session; and
  
  a context switching module, configured to facilitate one application to access one or more data pertaining to another application during the user'"'"'s login session by invoking a script language instruction via the web-based user interface.
- View Dependent Claims (9)
- - 9. The system for claim 8, wherein the authentication and authorization module comprises:
    - a SSO server module associated with a SSO server; and
      
      a SSO client module associated with one or more client applications;
      
      wherein,the SSO server module is configured to initiate and complete challenge-response based user authentication and token-based authorization with the SSO client module to enable the user to access one or more integrated applications present in the single sign-on (SSO) enabled enterprise solution.

10. A computer program product for performing access management to facilitate a user to access one or more applications in a single sign-on enabled enterprise solution, the computer program product comprising:
- program instruction code for performing data transaction between a server and a client for authenticating the user, wherein the data transaction comprises;
  
  transmitting a challenge token and a response token between the server and the client, wherein the challenge token and the response token comprises one-way hashed data; and
  
  verifying the response token at the server and at the client using the one-way hashed data;
  
  andprogram instruction code for performing data transaction between the server and the client for authorizing the user to access one or more applications, wherein the data transaction comprises;
  
  transmitting a request for service token between the server and the client, wherein the request for service token is encrypted at the client and decrypted at the server using a unique session key negotiated between the server and client;
  
  transmitting a service token between the server and the client, wherein the service token is encrypted and decrypted at the server using a secret key to verify the service token; and
  
  rendering the requested one or more applications on a user interface of the client based on the verification.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer program product of claim 10, wherein computer program product for performing data transaction between a server and a client for authenticating the user comprises:
    - program instruction code for receiving, at a client, a first challenge token from a server, wherein the first challenge token comprises a one-way hashed random number;
      
      program instruction code for receiving, at a server, a first response token from the client, wherein the first response token comprises a one-way hash of first challenge token and a one-way hashed password of the user;
      
      program instruction code for verifying, at the server, the first response token based on comparing the first response token with hash of the hashed first challenge token and a one-way hashed password;
      
      program instruction code for receiving, at the server, a second challenge token, wherein the second challenge token comprises a one-way hashed random number;
      
      program instruction code for receiving, at the client, a second response token;
      
      wherein the second response token comprises a one-way hashed second challenge token and a one-way hashed password of the user;
      
      program instruction code for verifying, at the client, the second response token based on comparing the second response token with hash of the hashed second challenge token and a one-way hashed password; and
      
      program instruction code for authenticating the user based on the verification.
  - 12. The computer program product of claim 10 further comprising:
    - program instruction code for generating, at the server, a unique session identification associated with the user, wherein the unique session identification is a random number; and
      
      program instruction code for storing the unique session identification in a database.
  - 13. The computer program product of claim 12 further comprising:
    - program instruction code for creating, at the server, the unique session key after authenticating the user, wherein the unique session key comprises at least one of;
      
      user identification, session identification and a timestamp;
      
      program instruction code for encrypting the unique session key using the one-way hashed password;
      
      program instruction code for receiving, at the client, the encrypted unique session key;
      
      program instruction code for decrypting the unique session key using the one-way hashed password; and
      
      program instruction code for storing the decrypted unique session key in a memory associated with the client.
  - 14. The computer program product of claim 10, wherein computer program product for performing data transaction between the server and the client for authorizing the user to access the application comprises:
    - program instruction code for generating and encrypting, at the client, the request for service token, wherein the request for service token is encrypted using the unique session key, further wherein the request for service token represents request for accessing one or more applications;
      
      program instruction code for receiving and decrypting, at the server, the encrypted request for service token, wherein the encrypted request for service token is decrypted using the unique session key;
      
      program instruction code for generating and encrypting, at the server, a service token corresponding to the request for service token, wherein the service token is encrypted using the secret key, further wherein the service token comprises data for accessing the application;
      
      program instruction code for receiving, at the client, the encrypted service token;
      
      program instruction code for receiving, at an application server from the client, the encrypted service token, wherein the application server corresponds to the requested application;
      
      program instruction code for receiving, at the server, the encrypted service token from the application server;
      
      program instruction code for decrypting, at the server, the encrypted service token to verify the service token, wherein the encrypted service token is decrypted using the secret key; and
      
      program instruction code for rendering the requested one or more applications on a web-based user interface of the client based on the verification.
  - 15. The computer program product of claim 10, wherein the request for service token comprises at least one of:
    - internet protocol address associated with a client and application name associated with the requested one or more applications.
  - 16. The computer program product of claim 15, wherein the service token comprises at least one of:
    - internet protocol address associated with the client, user identification, session identification and a unique name associated with the requested one or more applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infosys Limited
Original Assignee
Infosys Limited
Inventors
Kaler, Jasdeep Singh, Thoppil, Preethi, Mahapatra, Sujit Kumar

Granted Patent

US 9,191,375 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/0435 wherein the sending and rec...

SYSTEM AND METHOD FOR ACCESSING INTEGRATED APPLICATIONS IN A SINGLE SIGN-ON ENABLED ENTERPRISE SOLUTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR ACCESSING INTEGRATED APPLICATIONS IN A SINGLE SIGN-ON ENABLED ENTERPRISE SOLUTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others