Shared services management

US 7,334,013 B1
Filed: 12/20/2002
Issued: 02/19/2008
Est. Priority Date: 12/20/2002
Status: Active Grant

First Claim

Patent Images

1. A method of sharing information among network servers, said network servers being coupled to a data communication network for providing services to a user via a client, said client also being coupled to the data communication network, said method comprising:

registering a plurality of services provided by the network servers;

registering a user with respect to a first selected service, said registering comprising receiving, from said user, user-specific information identifying said user with respect to operational information specific to the first selected service and, in response to receiving said user-specific information, assigning said user a unique identifier;

grouping a plurality of the registered services provided by the network servers to define one or more service groups;

storing, in a central database, the user-specific information, said user-specific information including operational information to be shared within each of the service groups to which the first selected service belongs, said central database being associated with a central server coupled to the data communication network;

receiving a request from the user for a second selected service to be provided by one of the network servers, said request being received at the central server, said first and second selected services defining a first service group;

determining, in response to receiving said request, whether the second selected service is registered and belongs to one of the service groups to which the first selected service belongs;

retrieving, from the central database, the user-specific information including the operational information to be shared within each of the service groups to which the first selected service belongs when the second selected service is determined to belong to one of the service groups to which the first selected service belongs;

automatically authenticating the user with respect to the second selected service when navigating from the first selected service, which is in the first service group, to the second selected service, which is also in the first service group; and

generating an authentication ticket including the retrieved user-specific information and routing the user, with the ticket including the retrieved user-specific information, to the network server providing the second selected service, wherein operational information specific to the second selected service and the operational information for sharing between the first and second selected services accompanies the ticket.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and system of sharing information among network servers coupled to a data communication network for providing services to a user via a client on the network and data structure for use therewith. Related services provided by the network servers are grouped into service groups. A database stores user-specific information, including operational information to be shared within the service groups. A central server coupled to the network receives a request from the user for a selected service and determines whether the selected service belongs to one of the service groups. In response to the request, the central server retrieves user-specific information identifying the user with respect to the selected service. The retrieved information includes operational information to be shared within each of the service groups to which the selected service belongs.

130 Citations

View as Search Results

36 Claims

1. A method of sharing information among network servers, said network servers being coupled to a data communication network for providing services to a user via a client, said client also being coupled to the data communication network, said method comprising:
- registering a plurality of services provided by the network servers;
  
  registering a user with respect to a first selected service, said registering comprising receiving, from said user, user-specific information identifying said user with respect to operational information specific to the first selected service and, in response to receiving said user-specific information, assigning said user a unique identifier;
  
  grouping a plurality of the registered services provided by the network servers to define one or more service groups;
  
  storing, in a central database, the user-specific information, said user-specific information including operational information to be shared within each of the service groups to which the first selected service belongs, said central database being associated with a central server coupled to the data communication network;
  
  receiving a request from the user for a second selected service to be provided by one of the network servers, said request being received at the central server, said first and second selected services defining a first service group;
  
  determining, in response to receiving said request, whether the second selected service is registered and belongs to one of the service groups to which the first selected service belongs;
  
  retrieving, from the central database, the user-specific information including the operational information to be shared within each of the service groups to which the first selected service belongs when the second selected service is determined to belong to one of the service groups to which the first selected service belongs;
  
  automatically authenticating the user with respect to the second selected service when navigating from the first selected service, which is in the first service group, to the second selected service, which is also in the first service group; and
  
  generating an authentication ticket including the retrieved user-specific information and routing the user, with the ticket including the retrieved user-specific information, to the network server providing the second selected service, wherein operational information specific to the second selected service and the operational information for sharing between the first and second selected services accompanies the ticket.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 further comprising generating an authentication ticket including the retrieved user-specific information and routing the user, with the ticket, to the network server providing the second selected service.
  - 3. The method of claim 2 wherein the ticket provides the operational information specific to the first selected service and the operational information for sharing between the first selected service and another service in the same service group.
  - 4. The method of claim 2 further comprising storing, in the central database, authentication information for comparison to login information provided by the user to authenticate the user and authenticating the user before routing the user to the network server providing the second selected service.
  - 5. The method of claim 1 further comprising sharing the retrieved user-specific information with another service in the same service group.
  - 6. The method of claim 5 wherein sharing the retrieved user-specific information comprises sharing selected portions of the operational information with another service in the same service group as a function of active context of the first selected service.
  - 7. The method of claim 1 further comprising storing, in the central database, user preference information with respect to at least one of the registered services, said user preference information being stored in the form of a user profile, and sharing the user profile among the services in the same service group.
  - 8. The method of claim 1 wherein the operational information specifies a relationship between the user and the services in the service groups.
  - 9. The method of claim 1 wherein grouping the services to define the service groups comprises pre-defining contractual relationships between at least two of the registered services.
  - 10. The method of claim 1 further comprising receiving a request from the user for a third selected service to be provided by one of the network servers and determining whether the third selected service is registered, said request being received at the central server, said first and third selected services defining a second service group.
  - 11. The method of claim 10 further comprising receiving a request at the central server to re-authenticate the user with respect to the third selected service when navigating from the second selected service, which is in the first service group, to the third selected service, which is in the second service group.
  - 12. The method of claim 11 further comprising generating another authentication ticket including the retrieved user-specific information and routing the user, with the other ticket including the retrieved user-specific information, to the network server providing the third selected service.
  - 13. The method of claim 12 wherein operational information specific to the third selected service and the operational information for sharing between the first and third selected services accompanies the other ticket.
  - 14. The method of claim 1 further comprising encrypting or tamper proofing the operational information.
  - 15. The method of claim 1 further comprising operating a browser program configured to permit the user to communicate on the data communication network.
  - 16. The method of claim 1 wherein the network servers are web servers and the data communication network is the Internet.
  - 17. The method of claim 1 wherein the central server is an authentication server of a multi-site user authentication system and the network servers are affiliated with authentication server, said authentication server receiving requests to authenticate the user when the user requests services to be provided by the affiliated network servers.

18. A method of sharing information among affiliate servers coupled to a data communication network in a multi-site authentication system, said authentication system including an authentication server coupled to the data communication network and a database associated with the authentication server, said database storing authentication information for comparison to login information provided by a user for authenticating the user, said method comprising:
- registering a plurality of affiliate servers;
  
  registering a user to be associated with one or more user-selected services provided by the registered affiliate servers, said registering comprising receiving, from said user, user-specific information identifying the user with respect to operational information specific to the one or more user-selected services and, in response to receiving said user-specific information, assigning said user a unique identifier;
  
  storing, in the database, the user-specific information identifying the user with respect to the one or more user-selected services, said user-specific information including operational information to be shared within pre-defined groups of the registered affiliate servers, said affiliate servers providing the services to the user via a client coupled to the data communication network;
  
  receiving a request from the user for a first selected service to be provided by one of the registered affiliate servers, said request being received at the authentication server;
  
  generating an authentication ticket associated with the user and the first selected service, said authentication server generating the authentication ticket in response to authenticating the user, said authentication ticket having operational information associated therewith to be shared within each of the groups to which the first selected service belongs;
  
  routing the user, with the ticket, to the registered affiliate server providing the first selected service;
  
  retrieving, from the database, the user-specific information identifying the user with respect to the first selected service, said retrieved user-specific information including the operational information to be shared within each of the groups to which the first selected service belongs;
  
  sharing the retrieved user-specific information with another service in the same group, wherein sharing the retrieved user-specific information comprises sharing selected portions of the operational information with another service in the same group as a function of active context of the first selected service.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 19. The method of claim 18 further comprising grouping a plurality of the services provided by the registered affiliate servers to define one or more service groups.
  - 20. The method of claim 19 further comprising determining whether the first selected service belongs to one of the service groups.
  - 21. The method of claim 19 wherein grouping the services to define the service groups comprises pre-defining contractual relationships between at least two of the services provided by the registered affiliate servers.
  - 22. The method of claim 18 wherein the operational information associated with the ticket contains operational information specific to the first selected service and operational information for sharing between the first selected service and another service in the same group.
  - 23. The method of claim 18 further comprising storing, in the database, user preference information with respect to at least one of the services, said user preference information being stored in the form of a user profile, and sharing the user profile among the services in the same group.
  - 24. The method of claim 18 wherein the operational information specifies a relationship between the user and the services in the groups.
  - 25. The method of claim 18 further comprising receiving a request from the user for a second selected service to be provided by one of the registered affiliate servers, said request being received at the authentication server, said first and second selected services defining a first service group.
  - 26. The method of claim 25 further comprising automatically authenticating the user with respect to the second selected service when navigating from the first selected service, which is in the first service group, to the second selected service, which is also in the first service group.
  - 27. The method of claim 26 further comprising routing the user, with the ticket and service specific operational data, to the registered affiliate server providing the second selected service.
  - 28. The method of claim 27 wherein the operational information associated with the ticket comprises operational information specific to the second selected service and operational information for sharing between the first and second selected services.
  - 29. The method of claim 25 further comprising receiving a request from the user for a third selected service to be provided by one of the registered affiliate servers, said request being received at the authentication server, said first and third selected services defining a second service group.
  - 30. The method of claim 29 further comprising receiving a request at the authentication server to re-authenticate the user with respect to the third selected service when navigating from the second selected service, which is in the first service group, to the third selected service, which is in the second service group.
  - 31. The method of claim 30 further comprising generating another authentication ticket having operational information to be shared within the second service group associated therewith and routing the user, with the other ticket, to the registered affiliate server providing the third selected service.
  - 32. The method of claim 31 wherein the operational information associated with the other ticket comprises operational information specific to the third selected service and operational information for sharing between the first and third selected services.
  - 33. The method of claim 18 further comprising encrypting or tamper proofing the operational information.
  - 34. The method of claim 18 further comprising operating a browser program configured to permit the user to communicate on the data communication network.
  - 35. The method of claim 18 further comprising permitting the registered affiliate servers to perform one or more of the following operations directly on the operational information stored in the authentication database without the user being present:
    - query, add, modify, and delete.
  - 36. The method of claim 18 further comprising retaining authority, by the authentication server, to control storing and sharing operational information according to a pre-defined use policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Dunn, Melissa W., Calinov, Iulian D.
Primary Examiner(s)
Jaroenchonwanit; Bunjob
Assistant Examiner(s)
Nguyen; Van Kim T

Application Number

US10/324,959
Time in Patent Office

1,887 Days
Field of Search

709/201, 709/218, 709/223, 709/224, 709/226, 709/227, 709/229, 709/230, 709/243
US Class Current

709/201
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

H04L 67/306   User profiles

H04L 67/51   Discovery or management the...

Shared services management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

130 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Shared services management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

130 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links