Method and system for authorizing a client computer to access a server computer
First Claim

1. A computer-implemented method for authorizing a second client-based application on a client computer to access a service provided by a second server-based application based upon a previously provided authorization that authorized the client computer to use a first client-based application to access a service provided by the first server-based application comprising:
(a) receiving a request for authorizing the client computer to use said second client-based application to access the service provided by said second server-based application;
(b) wherein the service provided by said second server-based application is different than the service provided by said first server-based application;
(c) wherein the request for authorizing the client computer to use said second client-based application to access the service provided by said second server-based application originates from said first client-based application;
(d) in response to said request:
(i) determining a session length indicating a length of time said client computer has been authorized to access the service provided by said first server-based application;
(ii) calculating a hash value for an authorization ticket received from said first server-based application, said session length, and a secret shared between said client computer and said second server-based application, and
(iii) transmitting a request for authorization to access the service provided by said second server-based application comprising said hash value, said authorization ticket, and said session length.
Abstract
The present invention includes a client computer, a first server computer, and a second server computer. The first server provides an authorization ticket containing a time stamp to the client computer when the client computer is authorized to access the first server. An elapsed time counter is started at the client computer when access is provided to the first server. When a request is received at the client computer to access the second server, the client computer determines the session length based upon the elapsed time counter. The client computer calculates a hash value for the authorization ticket, the session length, and a secret shared with the second server computer. The client computer transmits a login request to the second server including the authorization ticket, the session length, and the hash. The second server decrypts the authorization ticket and retrieves a copy of the shared secret. The second server executes a hash function on the authorization ticket, the session length, and the shared secret. The second server then compares the computed hash to the hash value received from the second client application. If the two hash values are identical, the second server retrieves the time stamp from the authorization ticket and adds the session length to the time stamp. The second server then compares the resulting value to the current time. If the resulting value and the current time are within a preset threshold value, the client computer is provided access to the second server.
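The exchange the abstract describes, written out as an added example in Python; this is not code from the patent. The abstract leaves the primitives open, so the following are assumptions: the "hash" over ticket, session length and shared secret is realised as HMAC-SHA256 with the secret as key and a fixed-width session length; the ticket the second server "decrypts" is sealed with a toy encrypt-then-MAC construction under a key the two servers share (a placeholder for a real AEAD cipher); the ticket carries the client identifier so the second server looks up the shared secret from the ticket rather than from the request; and the threshold of 300 seconds, the key values and every name below are constructed for the example.

```python
import hashlib
import hmac
import json
import os
import struct
from typing import Optional, Tuple

# Constructed keys for this example; a real deployment provisions them out of band.
TICKET_KEY = bytes(range(32))                     # assumption: key shared by first and second server
CLIENT_SECRETS = {"client-42": b"constructed-client-secret"}  # secret shared by client and second server
THRESHOLD_SECONDS = 300                           # the abstract's "preset threshold"; value assumed


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256, standing in for a real AEAD cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def seal_ticket(key: bytes, payload: dict, nonce: bytes = b"") -> bytes:
    """Encrypt-then-MAC the ticket: nonce || ciphertext || HMAC tag."""
    nonce = nonce or os.urandom(16)
    plaintext = json.dumps(payload, sort_keys=True).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_ticket(key: bytes, blob: bytes) -> Optional[dict]:
    """Check the tag before decrypting; any modification of the ticket yields None."""
    if len(blob) < 16 + 32:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()):
        return None
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def login_hash(secret: bytes, ticket: bytes, session_length: int) -> str:
    """The abstract's hash over (ticket, session length, shared secret). HMAC with the
    secret as key and a fixed-width session length is the construction assumed here."""
    return hmac.new(secret, ticket + struct.pack(">Q", session_length), hashlib.sha256).hexdigest()


def first_server_issue_ticket(client_id: str, issued_at: int, nonce: bytes = b"") -> bytes:
    """First server: authorization ticket carrying the time stamp, plus the client id so the
    second server can pick the right shared secret without trusting the request for it."""
    return seal_ticket(TICKET_KEY, {"client_id": client_id, "timestamp": issued_at}, nonce)


class Client:
    """Client computer: holds the ticket and the elapsed-time counter started at first login."""

    def __init__(self, client_id: str, ticket: bytes, authorized_at_monotonic: float):
        self.client_id, self.ticket, self.authorized_at = client_id, ticket, authorized_at_monotonic

    def login_request(self, now_monotonic: float) -> dict:
        # Session length comes from the local elapsed-time counter, not from wall-clock time.
        session_length = int(now_monotonic - self.authorized_at)
        return {"ticket": self.ticket, "session_length": session_length,
                "hash": login_hash(CLIENT_SECRETS[self.client_id], self.ticket, session_length)}


def second_server_authorize(request: dict, now_wall: int) -> Tuple[bool, str]:
    """Second server: open the ticket, recompute the hash, then check that
    time stamp + session length lies within the threshold of the current time."""
    session_length = request.get("session_length")
    if not isinstance(session_length, int) or session_length < 0:
        return False, "malformed session length"
    payload = open_ticket(TICKET_KEY, request.get("ticket", b""))
    if payload is None:
        return False, "ticket rejected"
    secret = CLIENT_SECRETS.get(payload.get("client_id"))
    if secret is None:
        return False, "unknown client"
    expected = login_hash(secret, request["ticket"], session_length)
    if not hmac.compare_digest(expected.encode(), str(request.get("hash", "")).encode()):
        return False, "hash mismatch"
    if abs(now_wall - (payload["timestamp"] + session_length)) > THRESHOLD_SECONDS:
        return False, "session length inconsistent with ticket time stamp"
    return True, "authorized"


if __name__ == "__main__":
    T0 = 1_700_000_000                                      # constructed issue time
    ticket = first_server_issue_ticket("client-42", T0)
    client = Client("client-42", ticket, authorized_at_monotonic=1000.0)
    request = client.login_request(1100.0)                  # 100 s into the first session
    print(second_server_authorize(request, T0 + 100))       # (True, 'authorized')
    print(second_server_authorize(request, T0 + 100 + 3600))  # stale: outside the threshold
```

The session length travels in the clear but is bound by the keyed hash, so changing it in transit fails the hash check; the time stamp plus session length check is what limits how long a captured login request stays usable, which is why the threshold should be as small as clock skew allows and why the client's counter should come from a monotonic clock rather than the wall clock.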
21 Claims
13. A computer-implemented method for authorizing a second client-based application on a client computer to access a service provided by a second server-based application based upon a previously provided authorization that authorized the client computer to use a first client-based application to access a service provided by the first server-based application, comprising:
(a) receiving a request for authorizing the client computer to use said second client-based application to access the service provided by said second server-based application from said client computer comprising a hash value, an authorization ticket, and a session length;
(b) wherein the service provided by said second server-based application is different than the service provided by said first server-based application;
(c) computing a new hash value for said authorization ticket, said session length, and a copy of a secret shared between said client computer and said second server-based application;
(d) determining whether said hash value received from said client computer is identical to said new hash value; and
(e) in response to determining that said hash value received from said client computer is identical to said new hash value, authorizing said client computer to use said second client-based application to access the service provided by said second server-based application.
Dependent claims: 14 to 21.