System and method for providing silent sign on across distributed applications

US 7,702,794 B1
Filed: 11/16/2004
Issued: 04/20/2010
Est. Priority Date: 11/16/2004
Status: Active Grant

First Claim

Patent Images

1. In a distributed computing system a method of providing a user with access to data stored on a mainframe computer system, the method including:

logging the user onto a client computer using a client computer user ID associated with the user and the client computer;

sending a signal from the client computer to the mainframe computer system to initiate a transfer of a trusted application list from the mainframe computer system to the client computer, the trusted application list comprising web applications that are authorized to access the data stored on the mainframe computer system;

storing the trusted application list on the client computer;

using a browser on the client computer to select an application residing on a web applications server;

receiving a sign on signal from the selected application;

querying the trusted application list on the client computer to determine if the selected application is on the trusted application list;

in response to the selection of the application and the application being on the trusted application list, transmitting a sign on procedure signal to an automatic sign on procedure module loaded on the client computer;

using the automatic sign on procedure module to obtain a security token from an authentication server, the security token including a mainframe user ID correlated to the client computer user ID and the mainframe computer system; and

utilizing the security token to provide the client computer with access to data stored on the mainframe computer system through the application residing on the web applications server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is provided for a distributed computing system where a user can login to a client computer and access a number of different applications installed on web servers. These applications are then provided access to data in mainframe systems without a user having to enter mainframe user id or password information for gaining access to the mainframe system. The system and method can utilize a sign on object which is installed onto the client computer. The sign on object operates to obtain and transmit a security token which authorizes access to the mainframe system, and the security token does not require the use of the cookie data. This system and method can pass the security token through the web server and the web application in an encrypted form which limits security risks.

48 Citations

View as Search Results

16 Claims

1. In a distributed computing system a method of providing a user with access to data stored on a mainframe computer system, the method including:
- logging the user onto a client computer using a client computer user ID associated with the user and the client computer;
  
  sending a signal from the client computer to the mainframe computer system to initiate a transfer of a trusted application list from the mainframe computer system to the client computer, the trusted application list comprising web applications that are authorized to access the data stored on the mainframe computer system;
  
  storing the trusted application list on the client computer;
  
  using a browser on the client computer to select an application residing on a web applications server;
  
  receiving a sign on signal from the selected application;
  
  querying the trusted application list on the client computer to determine if the selected application is on the trusted application list;
  
  in response to the selection of the application and the application being on the trusted application list, transmitting a sign on procedure signal to an automatic sign on procedure module loaded on the client computer;
  
  using the automatic sign on procedure module to obtain a security token from an authentication server, the security token including a mainframe user ID correlated to the client computer user ID and the mainframe computer system; and
  
  utilizing the security token to provide the client computer with access to data stored on the mainframe computer system through the application residing on the web applications server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the automatic sign on procedure module is a browser helper object on the client computer.
  - 3. The method of claim 2, further including:
    - generating a trusted site table on the client computer;
      
      using the browser helper object to determine if the selected application is in the trusted site table.
  - 4. The method of claim 3, further including:
    - storing trusted site information in the mainframe computer system;
      
      wherein the generating the trusted site table on the client computer includes, transmitting the stored trusted site information for the mainframe computer system to the client computer.
  - 5. The method of claim 2, further including:
    - using the browser helper object to transmit the client computer user ID to an authentication server;
      
      correlating the client computer user ID with the mainframe user ID identified in an authentication table.
  - 6. The method of claim 5, further including:
    - transmitting the security token from the authentication server through the browser helper object.
  - 7. The method of claim 6, further including:
    - generating the security token in the authentication server;
      
      encrypting the security token in the authentication server prior to transmitting the security token from the authentication server.
  - 8. The method of claim 1, where the security token includes the user ID for the mainframe computer system for the user logged onto the client computer.
  - 9. The method of claim 1, wherein the step of utilizing the security token to provide the client computer with access to data stored on the mainframe computer system through the application residing on the web applications server comprises:
    - receiving the security token at the client computer in an encrypted format;
      
      sending the security token to the web applications server in an encrypted format, wherein the web application server forwards the security token to a middleware server in the encrypted format, wherein the middleware server decrypts the security token to retrieve the mainframe user ID and establishes a server session for the user.
  - 10. The method of claim 1, wherein the method does not rely on HTTP cookies for operation.

11. In a distributed computing system a method of providing a user with access to data stored on a mainframe computer system, the method including:
- logging the user onto a client computer using a client computer user ID associated with the user and the client computer;
  
  determining from a registry if an automatic sign on procedure module is installed and creating the automatic sign on procedure module within a browser if the registry indicates the automatic sign on procedure module is installed;
  
  sending a signal from the client computer to the mainframe computer system to initiate a transfer of a trusted application list from the mainframe computer system to the client computer, the trusted application list comprising web applications that are authorized to access the data stored on the mainframe computer system;
  
  storing the trusted application list on the client computer;
  
  using the browser on the client computer to select an application residing on a server;
  
  receiving a sign on signal from the selected application;
  
  querying the trusted application list on the client computer to determine if the selected application is on the trusted application list;
  
  in response to the selection of the application and the application being on the trusted application list, transmitting a sign on procedure signal to the automatic sign on procedure module loaded on the client computer;
  
  using the automatic sign on procedure module to obtain a security token including a mainframe user ID correlated to the client computer user ID and the mainframe computer system, wherein the automatic sign on procedure module does not receive input from the user; and
  
  utilizing the security token to provide the client computer with access to data stored on the mainframe computer system through the selected application, wherein the security token is sent from the client computer to the mainframe computer system through the server.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11 wherein the automatic sign on procedure module receives a setting to lock the client computer after a period of inactivity defined by the setting.
  - 13. The method of claim 11 wherein the security token is encrypted, wherein the security token can not be decrypted by the server.
  - 14. The method of claim 11 wherein the security token includes the mainframe user ID for the mainframe computer system and an IP address of the client computer.
  - 15. The method of claim 11 further including prompting the user to enter the mainframe user ID and a password if the automatic sign on procedure module fails to obtain the security token.

16. In a distributed computing system a method of providing a user with access to data stored on a mainframe computer system, the method including:
- logging the user onto a client computer using a client computer user ID associated with the user and the client computer;
  
  sending a signal from the client computer to the mainframe computer system to initiate a transfer of a trusted application list from the mainframe computer system to the client computer, the trusted application list comprising web applications that are authorized to access the data stored on the mainframe computer system;
  
  storing the trusted application list on the client computer;
  
  using a browser on the client computer to select an application residing on a server;
  
  receiving a sign on signal from the selected application;
  
  querying the trusted application list on the client computer to determine if the selected application is on the trusted application list;
  
  in response to the selection of the application and the application being on the trusted application list, transmitting a sign on procedure signal to an automatic sign on procedure module loaded on the client computer, wherein the automatic sign on procedure module is a browser helper object on the client computer, wherein the browser helper object comprises a Dynamic Linked Library;
  
  using the automatic sign on procedure module to obtain a security token including a mainframe user ID correlated to the client computer user ID and the mainframe computer system, wherein the automatic sign on procedure module does not receive input from the user; and
  
  utilizing the security token to provide the client computer with access to data stored on the mainframe computer system through the selected application, wherein the security token is sent from the client computer to the mainframe computer system through the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Charles Schwab & Company Incorporated (Charles Schwab Corporation)
Original Assignee
Charles Schwab Trust Company (Charles Schwab Corporation)
Inventors
Kakarla, Janardhan, Brietzke, Michael B., Hall, Ian G.
Primary Examiner(s)
Nawaz; Asad M

Application Number

US10/990,024
Time in Patent Office

1,981 Days
Field of Search

709202-207, 709/222, 709227-238, 709246-248, 713/150, 713155-157, 713/168, 713/172
US Class Current

709/227
CPC Class Codes

H04L 63/0807 using tickets, e.g. Kerbero...

H04L 63/0815 providing single-sign-on or...

System and method for providing silent sign on across distributed applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing silent sign on across distributed applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links