Method and apparatus for single sign-on in a wireless environment
Abstract
One embodiment of the present invention provides a system that facilitates single sign-on services in a wireless environment. The system operates by receiving a request at an application server from a wireless gateway to access a partner application on behalf of a user. The system then determines if the wireless gateway holds a token granting access to the partner application on behalf of the user. If the wireless gateway does not hold the token, the system redirects the request to a single sign-on server. The single sign-on server then requests user authentication credentials from the user through the wireless gateway. After receiving the user authentication credentials, the system determines if the user is authorized to access the partner application. If so, the single sign-on server issues a token to the wireless gateway. This token grants the wireless gateway access to the partner application on behalf of the user.
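The flow in the abstract, combined with the time-stamp rule recited in claim 1, can be sketched as follows. This is an added example, not code from the patent; the token layout, the HMAC integrity protection, the 600-second window and all names and sample data are assumptions.

```python
import hashlib, hmac, json, base64

# Assumptions (not from the patent text): token layout, HMAC integrity
# protection, a 600 s window, and all names and sample data below.
KEY = b"constructed-demo-key-shared-by-sso-and-partners"
IDLE_WINDOW = 600
USERS = {"alice": "correct horse"}           # constructed credential store
ACL = {"alice": {"mail", "calendar"}}        # constructed authorization table

def _seal(body: dict) -> str:
    """Serialize the token body and append an HMAC so edits are detectable."""
    raw = json.dumps(body, sort_keys=True).encode()
    mac = hmac.new(KEY, raw, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(raw).decode() + "." + mac

def _open(token: str):
    """Return the token body, or None if it is malformed or tampered with."""
    try:
        b64, mac = token.split(".")
        raw = base64.urlsafe_b64decode(b64)
        good = hmac.new(KEY, raw, hashlib.sha256).hexdigest()
        return json.loads(raw) if hmac.compare_digest(mac, good) else None
    except (ValueError, TypeError):
        return None

def sso_login(user, credential, app, now):
    """SSO server: check credential and authorization, then issue the token."""
    stored = USERS.get(user)
    if stored is None or not hmac.compare_digest(stored.encode(), credential.encode()):
        return None
    if app not in ACL.get(user, set()):
        return None
    return _seal({"user": user, "ts": now + IDLE_WINDOW})

def partner_request(app, token, now):
    """Partner application: returns (decision, token the gateway should now hold)."""
    body = _open(token) if token else None
    if body is None or now >= body["ts"]:
        return "redirect_to_sso", None       # no token, forged, or time stamp passed
    body["ts"] = now + IDLE_WINDOW           # this partner app updates the time stamp
    return "grant", _seal(body)
```

Because any partner application in the set can move the time stamp forward, a token that would have lapsed at its original time stamp stays usable as long as the gateway keeps presenting the most recently updated copy.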
61 Citations
21 Claims
1. A method to facilitate single sign-on services in a wireless environment, comprising:
- receiving a request at an application server from a wireless gateway on behalf of a user to access a partner application within a set of partner applications in the wireless environment on the application server;
- determining if the wireless gateway holds a token granting access to the partner application on behalf of the user; and
- if the wireless gateway does not hold the token,
  - redirecting the request to a single sign-on server,
  - requesting a user authentication credential from the user through the wireless gateway,
  - receiving the user authentication credential,
  - verifying if the user is authorized to access the partner application based on the user authentication credential, and
  - if the user is authorized to access the partner application, issuing the token to the wireless gateway, wherein the token grants access to the partner application by the wireless gateway on behalf of the user;
- otherwise, if the current time is earlier than a time stamp within the token;
  - granting access to the partner application, and
  - updating the time stamp within the token by the partner application, wherein if a second partner application within the set of partner applications updates the time stamp within the token, the wireless gateway can continue to grant access on behalf of the user to the set of partner applications in the wireless environment, and wherein if the current time is earlier than the time stamp within the token, the token can be used to access the partner application prior to updating the time stamp within the token.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method to facilitate single sign-on services in a wireless environment, the method comprising:
- receiving a request at an application server from a wireless gateway on behalf of a user to access a partner application within a set of partner applications in the wireless environment on the application server;
- determining if the wireless gateway holds a token granting access to the partner application on behalf of the user; and
- if the wireless gateway does not hold the token,
  - redirecting the request to a single sign-on server,
  - requesting a user authentication credential from the user through the wireless gateway,
  - receiving the user authentication credential,
  - verifying if the user is authorized to access the partner application based on the user authentication credential, and
  - if the user is authorized to access the partner application, issuing the token to the wireless gateway, wherein the token grants access to the partner application by the wireless gateway on behalf of the user;
- otherwise, if the current time is earlier than a time stamp within the token;
  - granting access to the partner application, and
  - updating the time stamp within the token by the partner application, wherein if a second partner application within the set of partner applications updates the time stamp within the token, the wireless gateway can continue to grant access on behalf of the user to the set of partner applications in the wireless environment, and wherein if the current time is earlier than the time stamp within the token, the token can be used to access the partner application prior to updating the time stamp within the token.

Dependent claims: 9, 10, 11, 12, 13, 14

15. An apparatus to facilitate single sign-on services in a wireless environment, comprising:
- a receiving mechanism that is configured to receive a request at an application server from a wireless gateway on behalf of a user to access a partner application within a set of partner applications in the wireless environment on the application server;
- a determining mechanism that is configured to determine if the wireless gateway holds a token granting access to the partner application on behalf of the user; and
- a redirecting mechanism that is configured to redirect the request to a single sign-on server;
- a requesting mechanism that is configured to request a user authentication credential from the user through the wireless gateway;
- wherein the receiving mechanism is further configured to receive the user authentication credential,
- a verifying mechanism that is configured to verify if the user is authorized to access the partner application based on the user authentication credential;
- an issuing mechanism that is configured to issue the token to the wireless gateway, wherein the token grants access to the partner application by the wireless gateway on behalf of the user, if the user is authorized to access the partner application; and
- an access granting mechanism that is configured to grant access to the partner application; and
- a time stamp updating mechanism that is configured to update the time stamp within the token by the partner application, wherein if a second partner application within the set of partner applications updates the time stamp within the token, the wireless gateway can continue to grant access on behalf of the user to the set of partner applications in the wireless environment, and wherein if the current time is earlier than the time stamp within the token, the token can be used to access the partner application prior to updating the time stamp within the token.

Dependent claims: 16, 17, 18, 19, 20, 21

Specification