Securely sharing log-in credentials among trusted browser-based applications
First Claim
Patent Images
1. In a computing environment having a connection to a network, computer readable code readable by a computer system in said environment, for securely sharing log-in credentials among trusted browser-based applications, comprising:
- a browser;
one or more applets capable of executing within said browser, each of said applets having been loaded from a codebase associated therewith, and wherein each associated codebase may be distinct;
a shared static data area associated with each of said distinct codebases;
a subprocess for an executing one of said applets to request a secure service;
a subprocess, responsive to said request, for searching for stored credentials in said shared static data area associated with said codebase from which said executing applet was loaded;
a subprocess for retrieving said stored credentials when said search is successful; and
a subprocess for use when said search is not successful, comprising;
a subprocess for prompting a user of said applet to enter a new set of credentials; and
a subprocess for storing said new set of credentials in said shared static data associated with said codebase from which said executing applet was loaded.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, system, and computer program for securely sharing log-in credentials among trusted browser-based applications. Credentials for a user are automatically shared only among a restricted and authorized set of trusted applications, without requiring the application developer to write code to manage the credentials. A single log-in is used to obtain the user credentials for a particular codebase, and the credentials are then reused for applications in that codebase. The Java sandbox concept is exploited to provide this restricted sharing, such that the credentials are stored in the shared static data area associated with the server and codebase from which the set of trusted applications was downloaded.
-
Citations
9 Claims
-
1. In a computing environment having a connection to a network, computer readable code readable by a computer system in said environment, for securely sharing log-in credentials among trusted browser-based applications, comprising:
-
a browser;
one or more applets capable of executing within said browser, each of said applets having been loaded from a codebase associated therewith, and wherein each associated codebase may be distinct;
a shared static data area associated with each of said distinct codebases;
a subprocess for an executing one of said applets to request a secure service;
a subprocess, responsive to said request, for searching for stored credentials in said shared static data area associated with said codebase from which said executing applet was loaded;
a subprocess for retrieving said stored credentials when said search is successful; and
a subprocess for use when said search is not successful, comprising;
a subprocess for prompting a user of said applet to enter a new set of credentials; and
a subprocess for storing said new set of credentials in said shared static data associated with said codebase from which said executing applet was loaded. - View Dependent Claims (2, 3)
a subprocess for verifying said retrieved stored credentials or said new set of credentials before allowing said requested secure service to continue.
-
-
3. Computer readable code for securely sharing log-in credentials among trusted browser-based applications according to claim 2, further comprising:
-
a subprocess for returning an exception to said applet if a result of said verifying indicates that said user is not authorized to perform said requested secure service; and
a subprocess for performing said requested secure service if said result of said verifying indicates that said user is authorized.
-
-
4. A system for securely sharing log-in credentials among trusted browser-based applications in a computing environment having a connection to a network, comprising:
-
a browser;
one or more applets capable of executing within said browser, each of said applets having been loaded from a codebase associated therewith, and wherein each associated codebase may be distinct;
a shared static data area associated with each of said distinct codebases;
means for an executing one of said applets to request a secure service;
means, responsive to said request, for searching for stored credentials in said shared static data area associated with said codebase from which said executing applet was loaded;
means for retrieving said stored credentials when said search is successful; and
means for use when said search is not successful, comprising;
means for prompting a user of said applet to enter a new set of credentials; and
means for storing said new set of credentials in said shared static data associated with said codebase from which said executing applet was loaded. - View Dependent Claims (5, 6)
means for verifying said retrieved stored credentials or said new set of credentials before allowing said requested secure service to continue.
-
-
6. The system for securely sharing log-in credentials among trusted browser-based applications according to claim 5, farther comprising:
-
means for returning an exception to said applet if a result of said verifying indicates that said user is not authorized to perform said requested secure service; and
means for performing said requested secure service if said result of said verifying indicates that said user is authorized.
-
-
7. A method for securely sharing log-in credentials among trusted browser-based applications in a computing environment having a connection to a network, comprising the steps of:
-
requesting a secure service from an executing one of one or more applets capable of executing within a browser, each of said applets having been loaded from a codebase associated therewith, and wherein each associated codebase may be distinct;
searching, responsive to said request, for stored credentials in a shared static data area associated with said codebase from which said executing applet was loaded, wherein each of said distinct codebases has a distinct shared static data area associated therewith;
retrieving said stored credentials when said search is successful; and
when said search is not successful, prompting a user of said applet to enter a new set of credentials and storing said new set of credentials in said shared static data associated with said codebase from which said executing applet was loaded. - View Dependent Claims (8, 9)
verifying said retrieved stored credentials or said new set of credentials before allowing said requested secure service to continue.
-
-
9. The method for securely sharing log-in credentials among trusted browser-based applications according to claim 8, further comprising the steps of:
-
returning an exception to said applet if a result of said verifying step indicates that said user is not authorized to perform said requested secure service; and
performing said requested secure service if said result of said verifying step indicates that said user is authorized.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsMcGarvey, John Ryan, Greenfield, Jonathan Scott
-
Primary Examiner(s)WINDER, PATRICE L
-
Application NumberUS09/240,398Time in Patent Office1,299 DaysField of Search713/200, 713/201, 713/156, 713/157, 380/277, 709/225, 709/229, 709/228US Class Current709/229CPC Class CodesH04L 63/0815 providing single-sign-on or...H04L 63/168 above the transport layer
