System and method for providing silent sign on across distributed applications
First Claim
1. In a distributed computing system a method of providing a user with access to data stored on a mainframe computer system, the method including:
logging the user onto a client computer using a client computer user ID associated with the user and the client computer;
sending a signal from the client computer to the mainframe computer system to initiate a transfer of a trusted application list from the mainframe computer system to the client computer, the trusted application list comprising web applications that are authorized to access the data stored on the mainframe computer system;
storing the trusted application list on the client computer;
using a browser on the client computer to select an application residing on a web applications server;
receiving a sign on signal from the selected application;
querying the trusted application list on the client computer to determine if the selected application is on the trusted application list;
in response to the selection of the application and the application being on the trusted application list, transmitting a sign on procedure signal to an automatic sign on procedure module loaded on the client computer;
using the automatic sign on procedure module to obtain a security token from an authentication server, the security token including a mainframe user ID correlated to the client computer user ID and the mainframe computer system; and
utilizing the security token to provide the client computer with access to data stored on the mainframe computer system through the application residing on the web applications server.
Abstract
A system and method is provided for a distributed computing system in which a user can log in to a client computer and access a number of different applications installed on web servers. These applications are then given access to data on mainframe systems without the user having to enter a mainframe user ID or password to gain access to the mainframe system. The system and method can utilize a sign on object that is installed on the client computer. The sign on object obtains and transmits a security token that authorizes access to the mainframe system, and the security token does not rely on cookie data. The system and method can pass the security token through the web server and the web application in encrypted form, which limits the risk of exposing the token to those intermediaries.
16 Claims
1. Independent claim 1 is reproduced in full under First Claim above. (Dependent claims 2 through 10 are not reproduced here.)
11. In a distributed computing system a method of providing a user with access to data stored on a mainframe computer system, the method including:
logging the user onto a client computer using a client computer user ID associated with the user and the client computer;
determining from a registry if an automatic sign on procedure module is installed and creating the automatic sign on procedure module within a browser if the registry indicates the automatic sign on procedure module is installed;
sending a signal from the client computer to the mainframe computer system to initiate a transfer of a trusted application list from the mainframe computer system to the client computer, the trusted application list comprising web applications that are authorized to access the data stored on the mainframe computer system;
storing the trusted application list on the client computer;
using the browser on the client computer to select an application residing on a server;
receiving a sign on signal from the selected application;
querying the trusted application list on the client computer to determine if the selected application is on the trusted application list;
in response to the selection of the application and the application being on the trusted application list, transmitting a sign on procedure signal to the automatic sign on procedure module loaded on the client computer;
using the automatic sign on procedure module to obtain a security token including a mainframe user ID correlated to the client computer user ID and the mainframe computer system, wherein the automatic sign on procedure module does not receive input from the user; and
utilizing the security token to provide the client computer with access to data stored on the mainframe computer system through the selected application, wherein the security token is sent from the client computer to the mainframe computer system through the server.
(Dependent claims 12 through 15 are not reproduced here.)
16. In a distributed computing system a method of providing a user with access to data stored on a mainframe computer system, the method including:
logging the user onto a client computer using a client computer user ID associated with the user and the client computer;
sending a signal from the client computer to the mainframe computer system to initiate a transfer of a trusted application list from the mainframe computer system to the client computer, the trusted application list comprising web applications that are authorized to access the data stored on the mainframe computer system;
storing the trusted application list on the client computer;
using a browser on the client computer to select an application residing on a server;
receiving a sign on signal from the selected application;
querying the trusted application list on the client computer to determine if the selected application is on the trusted application list;
in response to the selection of the application and the application being on the trusted application list, transmitting a sign on procedure signal to an automatic sign on procedure module loaded on the client computer, wherein the automatic sign on procedure module is a browser helper object on the client computer, wherein the browser helper object comprises a Dynamic Linked Library;
using the automatic sign on procedure module to obtain a security token including a mainframe user ID correlated to the client computer user ID and the mainframe computer system, wherein the automatic sign on procedure module does not receive input from the user; and
utilizing the security token to provide the client computer with access to data stored on the mainframe computer system through the selected application, wherein the security token is sent from the client computer to the mainframe computer system through the server.
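The claimed flow as an added example that is not part of the patent: a Python simulation in which the automatic sign on module checks the locally stored trusted application list before asking the authentication server for a token, and the mainframe verifies the token that arrives through the web server. The HMAC signing, the shared key, the user ID mapping, the expiry window and the application names are constructed assumptions; the page only says the token carries the correlated mainframe user ID and is passed in encrypted form.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data; the patent does not specify these values or formats.
AUTH_KEY = b"constructed-key-shared-by-auth-server-and-mainframe"  # assumption
USER_MAP = {"alice.client": "ALICE01"}          # client computer user ID -> mainframe user ID
TRUSTED_APPS = {"payroll-web", "claims-web"}    # trusted application list kept by the mainframe
SIG_LEN = hashlib.sha256().digest_size

def mainframe_trusted_list():
    """Mainframe ships its trusted application list to the client, which stores it locally."""
    return set(TRUSTED_APPS)

def auth_server_issue_token(client_user_id, app_id, mainframe_id, now=None):
    """Authentication server mints a token carrying the correlated mainframe user ID.
    HMAC signing is an assumption; the page only says the token is passed encrypted."""
    body = json.dumps({"mf_user": USER_MAP[client_user_id], "app": app_id, "mf": mainframe_id,
                       "exp": int(now or time.time()) + 300}, sort_keys=True).encode()
    sig = hmac.new(AUTH_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + sig).decode()

def sign_on_module(client_user_id, app_id, local_trusted_list, mainframe_id="MF1"):
    """The automatic sign on module (the browser helper object of claim 16) consults the
    locally stored list before requesting a token; an untrusted application gets none."""
    if app_id not in local_trusted_list:
        return None
    return auth_server_issue_token(client_user_id, app_id, mainframe_id)

def mainframe_accept(token, presenting_app, now=None):
    """The token reaches the mainframe through the web server; the mainframe checks the
    signature, the expiry, and that the presenting application is the one the token names
    and is on its own trusted list. Returns the mainframe user ID, or None on rejection."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except (ValueError, TypeError):
        return None
    body, sig = raw[:-SIG_LEN], raw[-SIG_LEN:]
    if not hmac.compare_digest(sig, hmac.new(AUTH_KEY, body, hashlib.sha256).digest()):
        return None
    claims = json.loads(body)
    if claims["exp"] < (now or time.time()):
        return None
    if claims["app"] != presenting_app or presenting_app not in TRUSTED_APPS:
        return None
    return claims["mf_user"]
```

The mainframe re-checks the application against its own list rather than trusting the client's cached copy, so a stale or altered client-side list cannot widen access.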