System and method for web server user authentication

US 6,205,480 B1
Filed: 08/19/1998
Issued: 03/20/2001
Est. Priority Date: 08/19/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for accessing protected applications on a network, comprising:

performing an initial authentication of a user via a web server;

creating a network credential for the user, the network credential including at least a role of the user;

receiving a user request to access a protected application via the web server;

automatically accessing a script configured to determine at least one script access value based on the network credential and a script access value name, the at least one script access value providing user access authentication information for the protected application; and

presenting the user access authentication to the protected application.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for automatically authenticating a user to applications in a network environment. After an initial authentication procedure, the user'"'"'s identity is mapped into a network credential which includes the user'"'"'s role, and which is formed into a cookie. To gain access to an application requiring authentication, the cookie is provided to a script, and the information contained in the cookie is used to obtain authentication data required by the desired application.

305 Citations

28 Claims

1. A method for accessing protected applications on a network, comprising:
- performing an initial authentication of a user via a web server;
  
  creating a network credential for the user, the network credential including at least a role of the user;
  
  receiving a user request to access a protected application via the web server;
  
  automatically accessing a script configured to determine at least one script access value based on the network credential and a script access value name, the at least one script access value providing user access authentication information for the protected application; and
  
  presenting the user access authentication to the protected application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the step of creating a network credential comprises selecting a user role from a plurality of roles, and wherein the number of roles is less than a number of network users.
  - 3. The method of claim 1, further comprising the step of forming a cookie from the network credential.
  - 4. The method of claim 3, wherein the step of transferring the network credential is performed by transferring the cookie.
  - 5. The method of claim 1, wherein the step of creating is performed by mapping user initial authentication data to the network credential by consulting an X.500 directory.
  - 6. The method of claim 1, wherein the network is an intranet.
  - 7. The method of claim 1, wherein the step of performing the initial authentication comprises mapping the user to a user role.

8. A system for providing user access to protected applications, comprising:
- a plurality of servers for managing network resources including one or more protected applications, each configured to grant access to a protected application upon user authentication;
  
  a browser communicating between the user and the plurality of servers, the browser being capable of accessing initial user authentication information; and
  
  computer memory for storing data defining mapping between initial user authentication information, network credentials including a user role, and script access values;
  
  wherein the browser provides user access to the one or more protected applications via a web server based on the initial authentication information, and by consulting the stored script access values transparently to the user via a script.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The system of claim 8, wherein the servers are intranet network servers.
  - 10. The system of claim 8, wherein the number of user roles is less than a number of system users.
  - 11. The system of claim 8, wherein the browser communicates with the servers according to a hypertext transfer protocol format.
  - 12. The system of claim 8, wherein the first server creates a cookie including the user role, and the browser provides access to a second application by providing the cookie to a script which is stored on the network.
  - 13. The system of claim 12, wherein the first server accesses script access values stored in a database for the second application based on the cookie.
  - 14. The system of claim 8, wherein said computer memory comprises a first directory for storing data defining mapping between said initial user authentication information and network credentials, and a second directory for storing the script access values.
  - 15. The system of claim 8, wherein said computer memory comprises a single directory for storing said data defining mapping between said initial user authentication information and said script access values.

16. A computer readable storage medium including machine-readable instructions comprising:
- one or more instructions for performing an initial authentication of a user via a web server;
  
  one or more instructions for determining a network credential for the user, the network credential including at least a role of the user;
  
  one or more instructions for receiving a user request to access a protected application via the web server;
  
  one or more instructions for automatically accessing a script configured to retrieve at least one script access value based on the network credential and a script access value name, the at least one script access value providing user access authentication information for the protected application; and
  
  one or more instructions for presenting the user access authentication to the protected application.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The medium of claim 16, wherein the step of creating a network credential comprises selecting a user role from a plurality of roles, and wherein the number of roles is less than a number of network users.
  - 18. The medium of claim 16, further comprising one or more instructions for forming a cookie that includes the network credential.
  - 19. The medium of claim 16, further comprising one or more instructions for mapping the user to a user role.
  - 20. The medium of claim 16, further comprising one or more instructions for selecting a user role from a plurality of roles wherein the number of roles is less than the number of network users.

21. A computer readable medium including machine-readable instructions comprising:
- one or more instructions for performing an initial authentication of a user via a web server;
  
  one or more instructions for determining a network credential for the user, the network credential including at least a role of the user;
  
  one or more instructions for receiving a user request to access at least one protected application via the web server;
  
  one or more instructions for automatically accessing a script;
  
  one or more instructions for transferring the network credential to the script;
  
  one or more instructions for determining a script access value name based upon said user role;
  
  one or more instructions for retrieving script access values based on said script access value name;
  
  one or more instructions for determining a user identification and password based on the script access values; and
  
  one or more instructions for presenting the determined user identification and password for user access to one or more of the at least one protected application.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The medium of claim 21, further comprising one or more instructions for mapping the user to a user role.
  - 23. The medium of claim 21, further comprising one or more instructions for selecting a user role from a plurality of roles wherein the number of roles is less than the number of network users.
  - 24. The medium of claim 21, further comprising one or more instructions for forming a cookie that includes the network credential.
  - 25. The medium of claim 21, further comprising one or more instructions for consulting an X.500 directory.

26. Computer readable data transmission between a web server and a browser for authenticating user access to at least one protected application on a network comprising:
- at least one data structure for performing an initial authentication of a user;
  
  at least one data structure for determining a network credential for the user, the network credential including at least a role of the user;
  
  at least one data structure transferring a user request to access a protected application on the network;
  
  at least one data structure for automatically accessing a script configured to retrieve at least one script access value based on the network credential and a script access value name, the at least one script access value providing user access authentication information for the protected application; and
  
  at least one data structure for presenting the user access authentication information to the protected application.

27. Computer readable data transmission between a web server and a browser for authenticating user access to at least one protected application on a network comprising:
- at least one data structure that automatically accesses a script configured to determine at least one script access value based on a network credential and a script access value name, the at least one script access value providing user access authentication information for a protected application, and the network credential including at least a role of the user; and
  
  at least one data structure that presents the user access authentication information to the protected application.

28. A method for accessing information on a network, comprising:
- performing an initial authentication of a user via a web server;
  
  creating a network credential for the user, the network credential including at least a role of the user;
  
  receiving a user request to access at least one of an application, a file or a document via the web server;
  
  automatically accessing a script configured to determine at least one script access value based on the network credential and a script access value name, the at least one script access value providing user access authentication information for at least one of the at least one application, file or document; and
  
  presenting the user access authentication to the at least one application, file or document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Inventors
McMahon, Piers, White, Clive John, Byrne, Barry Anthony, Broadhurst, Christopher John Creighton, Press, James
Primary Examiner(s)
Burgess, Glenton B.
Assistant Examiner(s)
HO, CHUONG T

Application Number

US09/136,682
Time in Patent Office

944 Days
Field of Search

709/223, 709/224, 709/225, 709/229, 709/226, 713/201, 713/202, 707/10, 707/9
US Class Current

709/225
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

Y10S 707/99939   Privileged access

System and method for web server user authentication

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

305 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

System and method for web server user authentication

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

305 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others