CONSOLIDATED AUTHENTICATION

US 20150020184A1
Filed: 10/03/2014
Published: 01/15/2015
Est. Priority Date: 05/07/2008
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user at a first computer to first and second applications installed in a second computer, the method comprising:

said second computer receiving from the user a first request to access the first application, and in response, the second computer redirecting the first request to a third computer, and in response, the third computer determining that the user was previously authenticated and notifying the second computer that the user is authentic, and in response, the second computer returning a first session key to the third computer, said first session key enabling a session with the first application but not with the second application, said first, second, and third computers being three different computers, said first and second applications installed in the second computer being different applications; and

said second computer receiving from the user a second request with a second session key to access the first application, the second application, or both the first application and the second application, and in response the second computer determining that the user is authentic and notifying the first application, the second application, or both the first application and the second application that the user is authentic so that the first application, the second application, or both the first application and the second application can send, to the first computer, a response to the second request,wherein the second session key was generated by the third computer, and sent by the third computer to the first computer, prior to the second computer having received the second request and in response to the third computer having received the first session key, andwherein the second session key enables a session with both the first application and the second application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authenticating a user at a first computer to first and second applications installed in a second computer. The second computer receives from the user a first request to access the first application, and in response, the second computer redirects the first request to a third computer, and in response, the third computer determines that the user was previously authenticated and so notifies the second computer, and in response, the second computer returns a first session key to the third computer. The first session key enables a session with the first application but not with the second application. The second computer receives from the user a second request with a second session key to access the first and/or second application, and in response the second computer determines that the user is authentic and notifying the first and/or second application that the user is authentic.

Citations

18 Claims

1. A method for authenticating a user at a first computer to first and second applications installed in a second computer, the method comprising:
- said second computer receiving from the user a first request to access the first application, and in response, the second computer redirecting the first request to a third computer, and in response, the third computer determining that the user was previously authenticated and notifying the second computer that the user is authentic, and in response, the second computer returning a first session key to the third computer, said first session key enabling a session with the first application but not with the second application, said first, second, and third computers being three different computers, said first and second applications installed in the second computer being different applications; and
  
  said second computer receiving from the user a second request with a second session key to access the first application, the second application, or both the first application and the second application, and in response the second computer determining that the user is authentic and notifying the first application, the second application, or both the first application and the second application that the user is authentic so that the first application, the second application, or both the first application and the second application can send, to the first computer, a response to the second request,wherein the second session key was generated by the third computer, and sent by the third computer to the first computer, prior to the second computer having received the second request and in response to the third computer having received the first session key, andwherein the second session key enables a session with both the first application and the second application.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, said method further comprising:
    - said second computer receiving from the user the second request with the second session key to access the first application, and in response the second computer determining that the user is authentic and notifying the first application that the user is authentic so that the first application can send, to the first computer, a response to the second request.
  - 3. The method of claim 1, said method further comprising:
    - said second computer receiving from the user the second request with the second session key to access the second application, and in response the second computer determining that the user is authentic and notifying the second application that the user is authentic so that the second application can send, to the first computer, a response to the second request.
  - 4. The method of claim 1, wherein the user was previously authenticated to the third computer during registration of the user with the third computer.
  - 5. The method of claim 1, wherein the second session key also enables a session with a third application in a fourth computer, and where in method further comprises:
    - said fourth computer receiving a third request including the second session key from the user to access the third application, and in response the fourth computer determining that the user is authentic and notifying the third application that the user is authentic so the third application can send, to the first computer, a response to the third request.
  - 6. The method of claim 1, wherein said determining by third computer that the user was previously authenticated is based on a userID and password.

7. A computer program product, comprising one or more computer readable tangible storage devices and program instructions stored on the one or more storage devices, said program instructions configured to be executed by one or more processors to implement a method for authenticating a user at a first computer to first and second applications installed in a second computer, said method comprising:
- said second computer receiving from the user a first request to access the first application, and in response, the second computer redirecting the first request to a third computer, and in response, the third computer determining that the user was previously authenticated and notifying the second computer that the user is authentic, and in response, the second computer returning a first session key to the third computer, said first session key enabling a session with the first application but not with the second application, said first, second, and third computers being three different computers, said first and second applications installed in the second computer being different applications; and
  
  said second computer receiving from the user a second request with a second session key to access the first application, the second application, or both the first application and the second application, and in response the second computer determining that the user is authentic and notifying the first application, the second application, or both the first application and the second application that the user is authentic so that the first application, the second application, or both the first application and the second application can send, to the first computer, a response to the second request,wherein the second session key was generated by the third computer, and sent by the third computer to the first computer, prior to the second computer having received the second request and in response to the third computer having received the first session key, andwherein the second session key enables a session with both the first application and the second application.
- View Dependent Claims (8, 9, 10, 11, 12, 14, 15, 16, 17, 18)
- - 8. The computer program product of claim 7, said method further comprising:
    - said second computer receiving from the user the second request with the second session key to access the first application, and in response the second computer determining that the user is authentic and notifying the first application that the user is authentic so that the first application can send, to the first computer, a response to the second request.
  - 9. The computer program product of claim 7, said method further comprising:
    - said second computer receiving from the user the second request with the second session key to access the second application, and in response the second computer determining that the user is authentic and notifying the second application that the user is authentic so that the second application can send, to the first computer, a response to the second request.
  - 10. The computer program product of claim 7, wherein the user was previously authenticated to the third computer during registration of the user with the third computer.
  - 11. The computer program product of claim 7, wherein the second session key also enables a session with a third application in a fourth computer, and where in method further comprises:
    - said fourth computer receiving a third request including the second session key from the user to access the third application, and in response the fourth computer determining that the user is authentic and notifying the third application that the user is authentic so the third application can send, to the first computer, a response to the third request.
  - 12. The computer program product of claim 7, wherein said determining by third computer that the user was previously authenticated is based on a userID and password.
  - 14. The computer system of claim 7, said method further comprising:
    - said second computer receiving from the user the second request with the second session key to access the first application, and in response the second computer determining that the user is authentic and notifying the first application that the user is authentic so that the first application can send, to the first computer, a response to the second request.
  - 15. The computer system of claim 7, said method further comprising:
    - said second computer receiving from the user the second request with the second session key to access the second application, and in response the second computer determining that the user is authentic and notifying the second application that the user is authentic so that the second application can send, to the first computer, a response to the second request.
  - 16. The computer system of claim 7, wherein the user was previously authenticated to the third computer during registration of the user with the third computer.
  - 17. The computer system of claim 7, wherein the second session key also enables a session with a third application in a fourth computer, and where in method further comprises:
    - said fourth computer receiving a third request including the second session key from the user to access the third application, and in response the fourth computer determining that the user is authentic and notifying the third application that the user is authentic so the third application can send, to the first computer, a response to the third request.
  - 18. The computer system of claim 7, wherein said determining by third computer that the user was previously authenticated is based on a userID and password.

13. A computer system comprising one or more processors, one or more computer readable memories, and one or more computer readable tangible storage devices, and program instructions stored on the one or more storage devices, said program instructions configured to be executed by the one or more processors via the one or more memories to implement a method for authenticating a user at a first computer to first and second applications installed in a second computer, said method comprising:
- said second computer receiving from the user a first request to access the first application, and in response, the second computer redirecting the first request to a third computer, and in response, the third computer determining that the user was previously authenticated and notifying the second computer that the user is authentic, and in response, the second computer returning a first session key to the third computer, said first session key enabling a session with the first application but not with the second application, said first, second, and third computers being three different computers, said first and second applications installed in the second computer being different applications; and
  
  said second computer receiving from the user a second request with a second session key to access the first application, the second application, or both the first application and the second application, and in response the second computer determining that the user is authentic and notifying the first application, the second application, or both the first application and the second application that the user is authentic so that the first application, the second application, or both the first application and the second application can send, to the first computer, a response to the second request,wherein the second session key was generated by the third computer, and sent by the third computer to the first computer, prior to the second computer having received the second request and in response to the third computer having received the first session key, andwherein the second session key enables a session with both the first application and the second application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Doleh, Yaser K., Kalamaras, Christopher G., Marzorati, Mauro

Granted Patent

US 9,319,399 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/1012   to domains

G06F 21/335   for accessing specific reso...

G06F 21/41   where a single sign-on prov...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2115   Third party

G06F 2221/2119   Authenticating web pages, e...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

CONSOLIDATED AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

CONSOLIDATED AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links