Method and apparatus for single sign-on in a wireless environment

US 7,340,525 B1
Filed: 01/24/2003
Issued: 03/04/2008
Est. Priority Date: 01/24/2003
Status: Active Grant

First Claim

Patent Images

1. A method to facilitate single sign-on services in a wireless environment, comprising:

receiving a request at an application server from a wireless gateway on behalf of a user to access a partner application within a set of partner applications in the wireless environment on the application server;

determining if the wireless gateway holds a token granting access to the partner application on behalf of the user; and

if the wireless gateway does not hold the token,redirecting the request to a single sign-on server,requesting a user authentication credential from the user through the wireless gateway,receiving the user authentication credential,verifying if the user is authorized to access the partner application based on the user authentication credential, andif the user is authorized to access the partner application, issuing the token to the wireless gateway, wherein the token grants access to the partner application by the wireless gateway on behalf of the user;

otherwise, if the current time is earlier than a time stamp within the token;

granting access to the partner application, andupdating the time stamp within the token by the partner application, wherein if a second partner application within the set of partner applications updates the time stamp within the token, the wireless gateway can continue to grant access on behalf of the user to the set of partner applications in the wireless environment, and wherein if the current time is earlier than the time stamp within the token, the token can be used to access the partner application prior to updating the time stamp within the token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system that facilitates single sign-on services in a wireless environment. The system operates by receiving a request at an application server from a wireless gateway to access a partner application on behalf of a user. The system then determines if the wireless gateway holds a token granting access to the partner application on behalf of the user. If the wireless gateway does not hold the token, the system redirects the request to a single sign-on server. The single sign-on server then requests user authentication credentials from the user through the wireless gateway. After receiving the user authentication credentials, the system determines if the user is authorized to access the partner application. If so, the single sign-on server issues a token to the wireless gateway. This token grants wireless gateway access to the partner application on behalf of the user.

61 Citations

View as Search Results

21 Claims

1. A method to facilitate single sign-on services in a wireless environment, comprising:
- receiving a request at an application server from a wireless gateway on behalf of a user to access a partner application within a set of partner applications in the wireless environment on the application server;
  
  determining if the wireless gateway holds a token granting access to the partner application on behalf of the user; and
  
  if the wireless gateway does not hold the token,redirecting the request to a single sign-on server,requesting a user authentication credential from the user through the wireless gateway,receiving the user authentication credential,verifying if the user is authorized to access the partner application based on the user authentication credential, andif the user is authorized to access the partner application, issuing the token to the wireless gateway, wherein the token grants access to the partner application by the wireless gateway on behalf of the user;
  
  otherwise, if the current time is earlier than a time stamp within the token;
  
  granting access to the partner application, andupdating the time stamp within the token by the partner application, wherein if a second partner application within the set of partner applications updates the time stamp within the token, the wireless gateway can continue to grant access on behalf of the user to the set of partner applications in the wireless environment, and wherein if the current time is earlier than the time stamp within the token, the token can be used to access the partner application prior to updating the time stamp within the token.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1,wherein the partner application is one of a plurality of partner applications;
    - andwherein the token can grant access to another application in the plurality of partner applications.
  - 3. The method of claim 2, further comprising allowing an administrator to establish the plurality of partner applications.
  - 4. The method of claim 3, wherein the administrator establishes the plurality of partner applications based on the user authentication credential.
  - 5. The method of claim 1, further comprising encrypting the token issued to the wireless gateway to protect the token from tampering.
  - 6. The method of claim 1, further comprising encrypting the user authentication credential during transit across a network.
  - 7. The method of claim 1, further comprising establishing a wireless session between a user device and the wireless gateway, whereby the user can access the partner application and receive output from the partner application.

8. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method to facilitate single sign-on services in a wireless environment, the method comprising:
- receiving a request at an application server from a wireless gateway on behalf of a user to access a partner application within a set of partner applications in the wireless environment on the application server;
  
  determining if the wireless gateway holds a token granting access to the partner application on behalf of the user; and
  
  if the wireless gateway does not hold the token,redirecting the request to a single sign-on server,requesting a user authentication credential from the user through the wireless gateway,receiving the user authentication credential,verifying if the user is authorized to access the partner application based on the user authentication credential, andif the user is authorized to access the partner application, issuing the token to the wireless gateway, wherein the token grants access to the partner application by the wireless gateway on behalf of the user;
  
  otherwise, if the current time is earlier than a time stamp within the token;
  
  granting access to the partner application, andupdating the time stamp within the token by the partner application, wherein if a second partner application within the set of partner applications updates the time stamp within the token, the wireless gateway can continue to grant access on behalf of the user to the set of partner applications in the wireless environment, and wherein if the current time is earlier than the time stamp within the token, the token can be used to access the partner application prior to updating the time stamp within the token.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable storage medium of claim 8,wherein the partner application is one of a plurality of partner applications;
    - andwherein the token can grant access to another application in the plurality of partner applications.
  - 10. The computer-readable storage medium of claim 9, the method further comprising allowing an administrator to establish the plurality of partner applications.
  - 11. The computer-readable storage medium of claim 10, wherein the administrator establishes the plurality of partner applications based on the user authentication credential.
  - 12. The computer-readable storage medium of claim 8, the method further comprising encrypting the token issued to the wireless gateway to protect the token from tampering.
  - 13. The computer-readable storage medium of claim 8, the method further comprising encrypting the user authentication credential during transit across a network.
  - 14. The computer-readable storage medium of claim 8, the method further comprising establishing a wireless session between a user device and the wireless gateway, whereby the user can access the partner application and receive output from the partner application.

15. An apparatus to facilitate single sign-on services in a wireless environment, comprising:
- a receiving mechanism that is configured to receive a request at an application server from a wireless gateway on behalf of a user to access a partner application within a set of partner applications in the wireless environment on the application server;
  
  a determining mechanism that is configured to determine if the wireless gateway holds a token granting access to the partner application on behalf of the user; and
  
  a redirecting mechanism that is configured to redirect the request to a single sign-on server;
  
  a requesting mechanism that is configured to request a user authentication credential from the user through the wireless gateway;
  
  wherein the receiving mechanism is further configured to receive the user authentication credential,a verifying mechanism that is configured to verify if the user is authorized to access the partner application based on the user authentication credential;
  
  an issuing mechanism that is configured to issue the token to the wireless gateway, wherein the token grants access to the partner application by the wireless gateway on behalf of the user, if the user is authorized to access the partner application; and
  
  an access granting mechanism that is configured to grant access to the partner application; and
  
  a time stamp updating mechanism that is configured to update the time stamp within the token by the partner application, wherein if a second partner application within the set of partner applications updates the time stamp within the token, the wireless gateway can continue to grant access on behalf of the user to the set of partner applications in the wireless environment, and wherein if the current time is earlier than the time stamp within the token, the token can be used to access the partner application prior to updating the time stamp within the token.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The apparatus of claim 15,wherein the partner application is one of a plurality of partner applications;
    - andwherein the token can grant access to another application in the plurality of partner applications.
  - 17. The apparatus of claim 16, further comprising an establishing mechanism that is configured to allow an administrator to establish the plurality of partner applications.
  - 18. The apparatus of claim 17, wherein the administrator establishes the plurality of partner applications based on the user authentication credential.
  - 19. The apparatus of claim 15, further comprising an encrypting mechanism that is configured to encrypt the token issued to the wireless gateway to protect the token from tampering.
  - 20. The apparatus of claim 15, further comprising an encrypting mechanism that is configured to encrypt the user authentication credential during transit across a network.
  - 21. The apparatus of claim 15, further comprising a session establishing mechanism that is configured to establish a wireless session between a user device and the wireless gateway, whereby the user can access the partner application and receive output from the partner application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Bhatia, Gaurav, Swaminathan, Arun, Biswas, Kamalendu
Primary Examiner(s)
Cardone; Jason
Assistant Examiner(s)
Duong; Thomas

Application Number

US10/351,073
Time in Patent Office

1,866 Days
Field of Search

None
US Class Current

709/229
CPC Class Codes

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/0815   providing single-sign-on or...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/61   Time-dependent

Method and apparatus for single sign-on in a wireless environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for single sign-on in a wireless environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links