Seamless cross-site user authentication status detection and automatic login

US 7,596,804 B2
Filed: 07/02/2003
Issued: 09/29/2009
Est. Priority Date: 07/02/2002
Status: Active Grant

First Claim

Patent Images

1. An apparatus for a baseline authentication agency for determining a user'"'"'s login status as the user accesses a site within a network, said apparatus comprising:

a database storing information about partner web sites that have been selected by a user for defining login parameters of the user associated with one or more of the partner web sites;

a baseline authentication agency server for providing core global network authentication services configured;

to receive a request from a user'"'"'s browser, the request comprising;

a site identification identifying a site; and

a cookie related to the user and including;

a reference to the baseline authentication agency; and

an identifier distinguishing the baseline authentication agency which is associated with the user from a set of baseline authentication agencies;

to determine whether the cookie is valid;

to determine whether the user has authorized seamless login for the site using the information from the database; and

to generate a login ticket for the site and send the login ticket to the user'"'"'s browser if the cookie is valid and the user has authorized seamless login for the site;

wherein the cookie is stored on a global network domain used for cookie sharing and the site is one of a collection of partner sites with access to cookies shared on the global network domain.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for determining in a global network the user network authentication status as the user goes from site to site within the network is provided. Additionally, the system and method provides for transparent or implicit multi-site logon functionality, including automatic introduction from one site to the other using a baseline authentication agency (102). The system and method provides an architecture for a core global network (100) (referred to herein as NET) that incorporates some or all of the following features and components: a set of baseline authentication agencies responsible for the core global network (NET) services, such as login and user-selected service-provider lookup; a shared NET domain and associated DNS records (106) used for cookie (110) sharing, login routing, and the like; and a collection of partner sites (108) accessible via the NET.

51 Citations

View as Search Results

16 Claims

1. An apparatus for a baseline authentication agency for determining a user'"'"'s login status as the user accesses a site within a network, said apparatus comprising:
- a database storing information about partner web sites that have been selected by a user for defining login parameters of the user associated with one or more of the partner web sites;
  
  a baseline authentication agency server for providing core global network authentication services configured;
  
  to receive a request from a user'"'"'s browser, the request comprising;
  
  a site identification identifying a site; and
  
  a cookie related to the user and including;
  
  a reference to the baseline authentication agency; and
  
  an identifier distinguishing the baseline authentication agency which is associated with the user from a set of baseline authentication agencies;
  
  to determine whether the cookie is valid;
  
  to determine whether the user has authorized seamless login for the site using the information from the database; and
  
  to generate a login ticket for the site and send the login ticket to the user'"'"'s browser if the cookie is valid and the user has authorized seamless login for the site;
  
  wherein the cookie is stored on a global network domain used for cookie sharing and the site is one of a collection of partner sites with access to cookies shared on the global network domain.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein the baseline authentication agency provides authentication services for a subset of users of the global network domain, the baseline authentication agency server further configured to:
    - after authenticating the user, write the site identification along with an authenticated status of true into the cookie of the user stored on the global network domain and shared and accessible by the collection of partner sites; and
      
      after the user logs out of said global network domain, reset the user'"'"'s authenticated status to false in the cookie.
  - 3. The apparatus of claim 1, wherein the baseline authentication agency server is further configured to:
    - receive the ticket from the site;
      
      determine whether the ticket is valid; and
      
      if the ticket is valid, send user identification information to the site, the user identification information to be used by the site to login the user.
  - 4. The apparatus of claim 1, wherein the baseline authentication agency server is further configured to:
    - send a message to the user'"'"'s browser that indicates that no ticket is available if the cookie is not valid or if the user has not authorized seamless login for the site.
  - 5. The apparatus of claim 1, wherein the baseline authentication agency server further comprises:
    - a globally unique identifier for each global network user account, wherein said globally unique identifier is a primary key with which the database is indexed.

6. A computer-implemented method for a baseline authentication agency that determines a user'"'"'s login permission for a site, the method comprising:
- receiving a request from a user'"'"'s browser, the request comprising a site identifier related to a site, and a cookie related to a user and including a reference designating the baseline authentication agency, the baseline authentication as one of a set of baseline authentication agencies and associated with the user;
  
  determining whether the cookie is valid;
  
  if the cookie is valid,determining whether the user has authorized seamless login for the site, the site selected by the user to establish the site as one of a group of partner sites for which the user has defined login parameters; and
  
  generating a login ticket for the site and sending the login ticket to the user'"'"'s browser if the user has authorized seamless login for the site;
  
  wherein the cookie is stored on a global network domain used for cookie sharing and the site is one of a collection of partner sites with access to cookies shared on the global network domain.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
- - 7. The method of claim 6 further comprising:
    - checking if the site identifier is known or valid.
  - 8. The method of claim 6, further comprising:
    - generating JavaScript code writing out an HTML form comprising the login ticket as a hidden field and writing out a partner Web site global network login handler as an action URL, and auto-submitting said form such that the browser posts the form to a partner Web site global network login handler URL on the partner site.
  - 9. The method of method of claim 6, wherein the cookie includes a set of user information.
  - 10. The method of claim 6, wherein the site is one of a collection of partner sites.
  - 11. The method of claim 6, wherein generating the login ticket for the site comprises generating JavaScript code that stores the login ticket.
  - 12. The method of claim 11, wherein sending the login ticket for the site comprises sending the JavaScript code.
  - 13. The method of claim 6, further comprising:
    - if the cookie is valid;
      
      receiving the ticket from the site;
      
      determining whether the ticket is valid; and
      
      if the ticket is valid, sending user identification information to the site, the user identification information to be used by the site to login the user.
  - 14. A storage medium having a computer program stored thereon for causing a suitably programmed system to process computer-program code by performing the method of claim 6 when such program is executed on the system.

15. A baseline authentication agency associated with the user and configured to determine the user'"'"'s login permission for a site, the baseline authentication agency comprising:
- a list of partner sites that have been selected by a user and include login parameters for the user associated with one or more of the sites;
  
  a baseline authentication agency server configured to;
  
  receive a request from a user'"'"'s browser, the request comprising a site identifier related to a site, and a cookie related to a user and referencing the baseline authentication agency associated with the user;
  
  determine whether the cookie is valid;
  
  determine whether the user has authorized seamless login for the site; and
  
  if the cookie is valid and the user has authorized seamless login for the site,generate a login ticket for the site;
  
  send the login ticket to the user'"'"'s browser;
  
  wherein the cookie is stored on a global network domain used for cookie sharing and the site is one of a collection of partner sites with access to cookies shared on the global network domain.
- View Dependent Claims (16)
- - 16. The baseline authentication agency of claim 15, wherein the baseline authentication agency server is further configured to:
    - receive the ticket from the site;
      
      determine whether the ticket is valid; and
      
      if the ticket is valid, send user identification information to the site, the user identification information to be used by the site to login the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
AOL LLC (Apollo Global Management, Inc.)
Inventors
Cahill, Conor, Toomey, Christopher Newell
Primary Examiner(s)
Vu, Kimyen
Assistant Examiner(s)
TRUVAN, LEYNNA THANH

Application Number

US10/519,774
Publication Number

US 20050216582A1
Time in Patent Office

2,281 Days
Field of Search

726 1- 8, 726 17- 21, 726 27- 30, 713/150, 713/155, 713182-186, 713188-189, 713/159, 713/170, 709/203, 709223-225, 709212-219, 709228-229, 711/5, 711100-105, 711111-112, 711/128, 711/154, 707 1- 3, 707/8, 707/10, 707/100, 707103 R-103 Z, 707200-205, 705/67, 705 75- 79, 705/18, 705/21, 705/26, 705 42- 44, 705404-405
US Class Current

726/5
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/0807 using tickets, e.g. Kerbero...

Seamless cross-site user authentication status detection and automatic login

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Seamless cross-site user authentication status detection and automatic login

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links