Facilitating single sign-on by using authenticated code to access a password store
First Claim
1. A method for facilitating access to a plurality of applications that require passwords, comprising:
receiving a request for a password from an application running on a remote computer system, the request being received at a local computer system;
authenticating the request as originating from a trusted source, wherein authenticating the request involves authenticating the remote computer system that sent the request;
using an identifier for the application to look up the password for the application in a password store containing a plurality of passwords associated with the plurality of applications, wherein the plurality of passwords allows a different password to be used with each application of the plurality of applications;
if the password exists in the password store, sending the password or a function of the password to the application on the remote computer system;
receiving a second request to change the password from the application on the remote computer system;
automatically generating a replacement password;
storing the replacement password in the password store; and
forwarding the replacement password or the password function to the application on the remote computer system.
Abstract
One embodiment of the present invention provides a system that facilitates access to a plurality of applications that require passwords. When the system receives a request for a password from an application running on a remote computer system, the system first authenticates the request to ensure that it originated from a trusted source. Next, the system uses an identifier for the application to look up the password for the application in a password store, which contains passwords associated with the plurality of applications. If the password exists in the password store, the system sends the password or a function of the password to the application on the remote computer system. Hence, the system creates the illusion that there is a single sign-on to a large number of applications, whereas in reality the system automatically provides a different password to each application as it is requested. In one embodiment of the present invention, the request for the password includes computer code that, when run on the local computer system, requests the password on behalf of the application on the remote computer system. In a variation on this embodiment, the computer code is in the form of a JAVA™ applet that runs on a JAVA™ virtual machine on the local computer system. In one embodiment of the present invention, the JAVA™ applet is a signed JAVA™ applet, and authenticating the request involves authenticating the JAVA™ applet's certificate chain.
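The flow the abstract and claim 1 describe (authenticate the request, look up a per-application password by identifier, return the password or a function of it, rotate on demand), as an added example that is not code from the patent. It replaces the patent's signed-applet certificate-chain check with an HMAC-SHA256 over the canonical request using a per-client shared key, so that it runs offline; the client identifiers, shared keys, the nonce-based replay check and the `derive()` function are assumptions of this example, not details from the page.

```python
"""Authenticated per-application password store with automatic rotation.

Added example modelling the flow in the abstract; not code from the patent.
PasswordStore plays the "local computer system"; whoever calls make_request()
plays the "remote computer system".  Request authentication is an HMAC-SHA256
over the canonical request with a per-client shared key (the patent's variant
verifies a signed JAVA applet's certificate chain instead).  Shared keys,
client identifiers and the nonce replay check are assumptions of this example.
"""
import hashlib
import hmac
import json
import secrets


def _canonical(body):
    # Stable serialisation so client and store MAC exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_request(client_id, client_key, app_id, op, challenge=None):
    """Client side: build a 'get' or 'rotate' request and MAC it."""
    body = {"client_id": client_id, "app_id": app_id, "op": op,
            "nonce": secrets.token_hex(16)}       # fresh per request (replay guard)
    if challenge is not None:
        body["challenge"] = challenge             # ask for a function of the password
    body["mac"] = hmac.new(client_key, _canonical(body), hashlib.sha256).hexdigest()
    return body


def derive(password, challenge):
    """The 'function of the password' returned instead of the password itself
    (assumed form: HMAC-SHA256 keyed with the password over a challenge)."""
    return hmac.new(password.encode(), challenge.encode(), hashlib.sha256).hexdigest()


class PasswordStore:
    def __init__(self, client_keys):
        self._client_keys = client_keys   # {client_id: key bytes}: the trusted sources
        self._passwords = {}              # {app_id: password}: one per application
        self._seen_nonces = set()         # replay protection (assumption)

    def register_application(self, app_id):
        """Create a fresh, application-specific password."""
        self._passwords[app_id] = secrets.token_urlsafe(24)
        return self._passwords[app_id]

    def _authenticate(self, request):
        key = self._client_keys.get(request.get("client_id"))
        if key is None:
            return False                  # unknown remote system
        mac = request.get("mac")
        if not isinstance(mac, str):
            return False
        body = {k: v for k, v in request.items() if k != "mac"}
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        try:
            if not hmac.compare_digest(expected, mac):
                return False              # forged or tampered request
        except TypeError:                 # non-ASCII str in supplied MAC
            return False
        nonce = request.get("nonce")
        if not nonce or nonce in self._seen_nonces:
            return False                  # replayed or malformed
        self._seen_nonces.add(nonce)
        return True

    def handle(self, request):
        """Server side: authenticate, look up by app identifier, rotate on request."""
        if not self._authenticate(request):
            return {"status": "denied"}
        app_id = request.get("app_id")
        if app_id not in self._passwords:
            return {"status": "unknown_application"}
        if request.get("op") == "rotate":
            self._passwords[app_id] = secrets.token_urlsafe(24)   # replacement password
        elif request.get("op") != "get":
            return {"status": "bad_operation"}
        password = self._passwords[app_id]
        if "challenge" in request:
            return {"status": "ok", "derived": derive(password, request["challenge"])}
        return {"status": "ok", "password": password}


if __name__ == "__main__":
    key = b"constructed-shared-key"     # constructed sample credential
    store = PasswordStore({"workstation-1": key})
    store.register_application("mail")
    store.register_application("crm")
    print(store.handle(make_request("workstation-1", key, "mail", "get")))
    print(store.handle(make_request("workstation-1", key, "mail", "rotate")))
    print(store.handle(make_request("workstation-1", b"wrong-key", "crm", "get")))
```

The two points worth noticing are that the MAC covers the application identifier, so an authenticated client cannot be redirected to another application's password by editing the request in flight, and that the `challenge` path lets the store hand out a derived value rather than the stored secret, which is the abstract's "function of the password" variant.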
49 Claims
1. (Set out in full under First Claim above.) Dependent claims: 2 through 15.
16. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for facilitating access to a plurality of applications that require passwords, the method comprising:
receiving a request for a password from an application running on a remote computer system, the request being received at a local computer system;
authenticating the request as originating from a trusted source, wherein authenticating the request involves authenticating the remote computer system that sent the request;
using an identifier for the application to look up the password for the application in a password store containing a plurality of passwords associated with the plurality of applications, wherein the plurality of passwords allows a different password to be used with each application of the plurality of applications;
if the password exists in the password store, sending the password or a function of the password to the application on the remote computer system;
receiving a second request to change the password from the application on the remote computer system;
automatically generating a replacement password;
storing the replacement password in the password store; and
forwarding the replacement password or the password function to the application on the remote computer system.
Dependent claims: 17 through 30.
31. An apparatus that facilitates accessing a plurality of applications that require passwords, comprising:
a receiving mechanism that receives a request for a password from an application running on a remote computer system, the request being received at a local computer system;
an authentication mechanism that authenticates the request as originating from a trusted source, wherein the authentication mechanism is configured to authenticate the remote computer system that sent the request;
a lookup mechanism that uses an identifier for the application to look up the password for the application in a password store containing a plurality of passwords associated with the plurality of applications, wherein the plurality of passwords allows a different password to be used with each application of the plurality of applications;
a forwarding mechanism that sends the password to the application on the remote computer system if the password exists in the password store; and
a password changing mechanism that is configured to:
receive a request to change the password from the application on the remote computer system;
automatically generate a replacement password;
store the replacement password in the password store; and
forward the replacement password to the application on the remote computer system.
Dependent claims: 32 through 45.
46. A method for facilitating access to a plurality of applications that require passwords, comprising:
receiving a request to look up a password at a password server;
authenticating the request as originating from a trusted source, wherein authenticating the request involves authenticating the remote computer system that sent the request;
wherein the request is received from a client and includes an identifier for an application requesting the password from the client;
using the identifier for the application to look up the password for the application in a password store containing a plurality of passwords associated with the plurality of applications, wherein the plurality of passwords allows a different password to be used with each application of the plurality of applications;
if the password exists in the password store, sending the password or a function of the password to the client, so that the client can present the password to the application;
receiving a second request from the client to change the password at the password server;
automatically generating a replacement password;
storing the replacement password in the password store; and
forwarding the replacement password or the password to the client.
Dependent claims: 47 and 48.
49. A server that distributes code for facilitating access to a plurality of applications that require passwords, wherein the code operates by:
receiving a request for a password from an application running on a remote computer system, the request being received at a local computer system;
authenticating the request as originating from a trusted source, wherein authenticating the request involves authenticating the remote computer system that sent the request;
using an identifier for the application to look up the password for the application in a password store containing a plurality of passwords associated with the plurality of applications, wherein the plurality of passwords allows a different password to be used with each application of the plurality of applications;
if the password exists in the password store, sending the password or a function of the password to the application on the remote computer system;
receiving a second request to change the password from the application on the remote computer system;
automatically generating a replacement password;
storing the replacement password in the password store; and
forwarding the replacement password or the password function to the application on the remote computer system.
Specification