Method and apparatus to facilitate single sign-on services in a hosting environment

US 7,174,383 B1
Filed: 06/03/2002
Issued: 02/06/2007
Est. Priority Date: 08/31/2001
Status: Active Grant

First Claim

Patent Images

1. A method to facilitate single sign-on services in a hosting environment, comprising:

receiving a request from a user to access a partner application at an application server, wherein the application server is a hosting server supplying application services to multiple entities;

determining if the user holds a token granting access to the partner application; and

if the user does not hold the token,redirecting the request to a single sign-on server,requesting a user authentication credential from the user,receiving the user authentication credential, wherein the user authentication credential includes an entity identifier which identifies a requesting entity associated with the user to the hosting server,verifying if the user is authorized to access the partner application based on the entity identifier, andif the user is authorized to access the partner application, issuing the token to the user, wherein the token grants access to the partner application to the user, and wherein the token includes an expiry time based on data supplied from a virtual private database, wherein the virtual private database is in non-volatile storage.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system that facilitates single sign-on services in a hosting environment. The system operates by first receiving a request from a user to access a partner application at an application server. The system then determines if the user holds a token granting access to this partner application. If the user does not hold this token, the system redirects the request to a single sign-on server. This single sign-on server requests a user authentication credential from the user. Upon receiving the user authentication credential, including an entity identifier, the single sign-on server verifies if the user is authorized to access the partner application based on the entity identifier. If the user is authorized to access the partner application, the single sign-on server issues a token to the user, which grants the user access to the partner application.

Citations

24 Claims

1. A method to facilitate single sign-on services in a hosting environment, comprising:
- receiving a request from a user to access a partner application at an application server, wherein the application server is a hosting server supplying application services to multiple entities;
  
  determining if the user holds a token granting access to the partner application; and
  
  if the user does not hold the token,redirecting the request to a single sign-on server,requesting a user authentication credential from the user,receiving the user authentication credential, wherein the user authentication credential includes an entity identifier which identifies a requesting entity associated with the user to the hosting server,verifying if the user is authorized to access the partner application based on the entity identifier, andif the user is authorized to access the partner application, issuing the token to the user, wherein the token grants access to the partner application to the user, and wherein the token includes an expiry time based on data supplied from a virtual private database, wherein the virtual private database is in non-volatile storage.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1,wherein the partner application includes one of a plurality of partner applications;
    - andwherein the token can grant access to another application of the plurality of partner applications.
  - 3. The method of claim 2, further comprising allowing an administrator to establish the plurality of partner applications.
  - 4. The method of claim 3, wherein the administrator establishes the plurality of partner applications based on the entity identifier.
  - 5. The method of claim 4, further comprising storing data related to the plurality of partner applications in the virtual private database, wherein the virtual private database is established based on the entity identifier.
  - 6. The method of claim 1, wherein the entity identifier includes a company identifier.
  - 7. The method of claim 1, further comprising encrypting the token issued to the user to protect the token from tampering.
  - 8. The method of claim 1, further comprising encrypting the user authentication credential during transit on a network.

9. A computer-readable storage device storing instructions that when executed by a computer cause the computer to perform a method to facilitate single sign-on services in a hosting environment, the method comprising:
- receiving a request from a user to access a partner application at an application server, wherein the application server is a hosting server supplying application services to multiple entities;
  
  determining if the user holds a token granting access to the partner application; and
  
  if the user does not hold the token,redirecting the request to a single sign-on server,requesting a user authentication credential from the user,receiving the user authentication credential, wherein the user authentication credential includes an entity identifier which identifies a requesting entity associated with the user to the hosting server,verifying if the user is authorized to access the partner application based on the entity identifier, andif the user is authorized to access the partner application, issuing the token to the user, wherein the token grants access to the partner application to the user, and wherein the token includes an expiry time based on data supplied from a virtual private database, wherein the virtual private database is in non-volatile storage.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. A computer-readable storage device of claim 9, wherein the partner application includes one of a plurality of partner applications;
    - and wherein the token can grant access to another application of the plurality of partner applications.
  - 11. A computer-readable storage device of claim 10, the method further comprising allowing an administrator to establish the plurality of partner applications.
  - 12. A computer-readable storage device of claim 11, wherein the administrator establishes the plurality of partner applications based on the entity identifier.
  - 13. A computer-readable storage device of claim 12, the method further comprising storing data related to the plurality of partner applications in the virtual private database, wherein the virtual private database is established based on the entity identifier.
  - 14. A computer-readable storage device of claim 9, wherein the entity identifier includes a company identifier.
  - 15. A computer-readable storage device of claim 9, the method further comprising encrypting the token issued to the user to protect the token from tampering.
  - 16. A computer-readable storage device of claim 9, the method further comprising encrypting the user authentication credential during transit on a network.

17. An apparatus to facilitate single sign-on services in a hosting environment, comprising:
- a first receiving mechanism that is configured to receive a request from a user to access a partner application at an application server, wherein the application server is a hosting server supplying application services to multiple entities;
  
  a determining mechanism that is configured to determine if the user holds a token granting access to the partner application;
  
  a redirecting mechanism that is configured to redirect the request to a single sign-on server;
  
  a requesting mechanism that is configured to request a user authentication credential from the user;
  
  a second receiving mechanism that is configured to receive the user authentication credential, wherein the user authentication credential includes an entity identifier which identifies a requesting entity associated with the user to the hosting server;
  
  a verifying mechanism that is configured to verify if the user is authorized to access the partner application based on the entity identifier; and
  
  an issuing mechanism that is configured to issue the token to the user, wherein the token grants access to the partner application to the user, and wherein the token includes an expiry time based on data supplied from a virtual private database, wherein the virtual private database is in non-volatile storage.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The apparatus of claim 17,wherein the partner application includes one of a plurality of partner applications;
    - andwherein the token can grant access to another application of the plurality of partner applications.
  - 19. The apparatus of claim 18, further comprising an access mechanism that is configured to allow an administrator to establish the plurality of partner applications.
  - 20. The apparatus of claim 19, wherein the administrator establishes the plurality of partner applications based on the entity identifier.
  - 21. The apparatus of claim 20, further comprising a storing mechanism that is configured to store data related to the plurality of partner applications in the virtual private database, wherein the virtual private database is established based on the entity identifier.
  - 22. The apparatus of claim 17, wherein the entity identifier includes a company identifier.
  - 23. The apparatus of claim 17, further comprising an encrypting mechanism that is configured to encrypt the token issued to the user to protect the token from tampering.
  - 24. The apparatus of claim 17, further comprising an encrypting mechanism that is configured to encrypt the user authentication credential during transit on a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Bhatia, Gaurav, Swaminathan, Arun, Biswas, Kamalendu
Primary Examiner(s)
Cardone; Jason
Assistant Examiner(s)
Duong; Thomas

Application Number

US10/160,524
Time in Patent Office

1,709 Days
Field of Search

None
US Class Current

709/229
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 63/083 using passwords cryptograph...

Method and apparatus to facilitate single sign-on services in a hosting environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus to facilitate single sign-on services in a hosting environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links