Systems and methods providing interactions between multiple servers and an end use device
Abstract
Methods and systems are provided which convey access control information from a first server to a second server through an end user device, for example in a system in which these servers and devices are all connected to the Internet. The method starts after the first server receives a message from the end user device. The first server, in response to this message from the end user device, sends a response message to the end user device containing the access control information to be conveyed to the second server, optionally after performing authentication. The response message also contains an instruction for the end user device to post a second message to the second server containing the information. The information is preferably contained in a content portion of the message. A hidden form may be used in the response message to contain the information. Optionally, the end user may be presented with an option to post the second message or not. This may allow conformance with data privacy laws requiring end user consent to data transfer. The instruction to post to the second server may consist of active content within the response message's content portion. This can be used to cause an end user device to store a cookie in association with a number of servers in different domains, thereby implementing a multiple domain single sign-on function.
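The handoff the abstract describes, as an added example in Python that is not the patent's own code: the first server answers with a header that sets its own cookie and a content portion holding a hidden form aimed at the second domain, with either a consent prompt or auto-submitting active content; the second server reads the value from the POST body and sets its own cookie. The HMAC signature, the shared key and all names are assumptions added here so the second domain can reject a forged value, which the patent text itself does not specify.

```python
import hashlib
import hmac
import html
from urllib.parse import parse_qs, urlencode

# Constructed shared secret (assumption): the patent does not mention signing;
# it is added so the second domain can verify the value came from the first.
SHARED_KEY = b"constructed-demo-key"


def sign(value: str) -> str:
    return hmac.new(SHARED_KEY, value.encode(), hashlib.sha256).hexdigest()


def build_sso_response(token: str, second_domain_url: str, ask_consent: bool = True):
    """First server: the header portion sets a cookie for its own domain; the
    content portion carries the value in a hidden form targeting the second
    domain, plus either a consent prompt or active content that auto-posts."""
    fields = {"token": token, "sig": sign(token)}
    inputs = "".join(
        f'<input type="hidden" name="{k}" value="{html.escape(v)}">'
        for k, v in fields.items())
    if ask_consent:
        control = ('<p>Also sign in at the partner site?</p>'
                   '<button type="submit">Yes</button> <a href="/">No</a>')
    else:
        control = '<script>document.forms[0].submit()</script>'
    body = (f'<form method="post" action="{html.escape(second_domain_url)}">'
            f'{inputs}{control}</form>')
    headers = {"Content-Type": "text/html",
               "Set-Cookie": f"sso={token}; Secure; HttpOnly; SameSite=Lax"}
    return headers, body, fields


def browser_submits(fields: dict) -> str:
    """Stand-in for the browser submitting the hidden form (the second message)."""
    return urlencode(fields)


def handle_second_domain_post(post_body: str):
    """Second server: read the value from the content portion, verify it, and
    answer with a cookie for this domain. Returns None on a missing or bad value."""
    params = parse_qs(post_body)
    token = params.get("token", [None])[0]
    sig = params.get("sig", [None])[0]
    if token is None or sig is None:
        return None
    if not hmac.compare_digest(sig.encode(), sign(token).encode()):
        return None
    return {"Set-Cookie": f"sso={token}; Secure; HttpOnly; SameSite=Lax"}
```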
Claims (32)
1. A method of conveying access control information from one network device to another network device on a different domain through an end user device comprising:

the one network device in response to a first message received from the end user device containing access control information, sending a response message to the end user device containing the access control information, the response message being adapted to cause the end user device to send a second message to the another network device containing at least part of the access control information; and

presenting an option to the end user device to send the second message or not,

wherein at least part of the access control information is used to control access to a protected resource on at least one of the first and second network devices.

Dependent claims (not shown): 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method of conveying access control information from one network device to another network device on a different domain through an end user device comprising:

the one network device in response to a first message received from the end user device containing access control information, sending a response message to the end user device containing the access control information, the response message being adapted to cause the end user device to send a second message to the another network device containing at least part of the access control information;

containing user-specific information in the response message together with instructions to include at least part of the user-specific information in the second message; and

presenting an option to the end user device to change and/or delete any of the user-specific information before sending the message to the another network device,

wherein at least part of the access control information is used to control access to a protected resource on at least one of the first and second network devices.
13. A method of conveying access control information from one network device to another network device on a different domain through an end user device comprising:

the one network device in response to a first message received from the end user device containing access control information, sending a response message to the end user device containing the access control information, the response message being adapted to cause the end user device to send a second message to the another network device containing at least part of the access control information;

containing user-specific information in the response message together with instructions to include at least part of the user-specific information in the second message; and

presenting an option to the end user device to include or not include the at least part of the user-specific information in the second message,

wherein at least part of the access control information is used to control access to a protected resource on at least one of the first and second network devices.
14. A network device implemented method comprising:

a) a network device on a first network domain receiving an input message having a header portion and a content portion, with the input message containing an access control information embedded within the content portion;

b) the network device responding with a response message having a header portion and a content portion, with the response message containing the access control information in the header portion and having a content portion containing the access control information and also containing instructions to send a subsequent message to another network device on a different network domain, the subsequent message having a content portion containing at least part of the access control information.

Dependent claims (not shown): 15, 16, 17, 18, 19, 20, 21
22. A network device implemented method comprising:

the network device responding to an initial access request with a redirect message instructing a redirection to a MDSSO (multi-domain single sign-on) function on the network device, the redirect message also specifying an access control information in a header of the redirect message;

the MDSSO function receiving an input message having a header portion and a content portion, with the input message containing the access control information embedded within the header portion;

the MDSSO function responding with a response message having a header portion and a content portion, with the response message containing the access control information in the header portion and having the content portion containing the access control information and also containing instructions to send a subsequent message to another network device on a different network domain, the subsequent message having a content portion containing at least part of the access control information.

Dependent claims (not shown): 23
24. A network device comprising an authentication front end and an MDSSO function, the network device being adapted to provide initial network device functionality upon receipt of a request message containing access control information only in a header portion, and adapted to provide non-initial network device functionality upon receipt of a request message containing access control information in both a header portion and a content portion;

wherein in providing the initial network device functionality:

a) the authentication front end is adapted to process an initial access request message from an end user device to access a protected resource on the network device by performing an authentication process to determine if access should be granted and if so, responding with an access response message specifying an access control information in association with the domain of the network device and causing the end user device to send a first request message to an MDSSO (multiple domain single sign-on) function on the network device specifying the access control information in a header portion of the first request message;

b) the MDSSO function is adapted to process a request message directed to it containing access control information only in a header portion by extracting the access control information from the header portion and sending to the end user device a response message containing the access control information in a header portion and having a content portion containing the access control information and also containing instructions to send a subsequent request message to another network device on a different network domain, the subsequent message having a content portion containing the at least part of access control information;

wherein in providing non-initial network device functionality:

c) the MDSSO function is adapted to process a request message directed to it containing access control information in a content portion by extracting the access control information from the content and sending to the end-user device a response message containing the access control information in a header portion and having a content portion containing the access control information and also containing instructions to send a subsequent message to another network device on a different network domain, the subsequent message having a content portion containing at least part of the access control information.

Dependent claims (not shown): 25, 26, 27, 28
29. An article of manufacture comprising:

a computer usable medium having computer readable program code means embodied therein for implementing a multiple domain single sign-on function, the computer readable code means in the article of manufacture comprising:

first computer readable code means adapted to receive in a first domain a first request message from a remote device, the first request message having a header portion and a content portion and containing an access control information embedded within the content portion, and to generate a response message having a header portion and a content portion, the header portion containing the access control information and the content portion containing the access control information and also containing instructions causing the remote device to access a network address in a different domain specified in the content portion with a subsequent message containing at least part of the access control information.

Dependent claims (not shown): 30, 31
32. A method of conveying user-specific information from one network device to another network device on a different domain through an end user device comprising:

the one network device in response to a first message received from the end user device containing user-specific information, sending a response message to the end user device containing the user-specific information, the response message being adapted to cause the end user device to send a second message to the another network device containing at least part of the user-specific information after presenting an option to the end user device to change and/or delete any of the user-specific information;

wherein the response message has a header portion and a content portion and the response message contains the user-specific information and a network device identifier for the another network device embedded within its content portion; the second message has a header portion and a content portion and the second message contains the at least part of the user-specific information embedded within its content portion.
Specification