Method and apparatus to authenticate and authorize user access to a system
Abstract
A method, apparatus, and system are provided for authenticating and authorizing user access to a system. According to one embodiment, a request for authentication and authorization of a user is received from a secondary site on behalf of the user who is seeking to access a primary site via the secondary site via a computer network. The request includes information relating to the user. The user information is then verified for authenticity, including determining whether the user satisfies the criteria for obtaining authentication and authorization as defined by the primary site. If the criteria are satisfied, a token, associated with the user, is generated at the primary site. A portion of the token is transmitted from the primary site to the secondary site on behalf of the user to permit the user to access the primary site via the secondary site, via the computer network.
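An added illustration, not taken from the patent: one way the split-token flow in the abstract could be realized. The class name, the 16/16-byte split, the SHA-256 match check and the sample accounts are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets

class PrimarySite:
    """Hypothetical primary site: verifies users and keeps one portion of each token."""

    def __init__(self, accounts):
        # user -> (password, authorized); constructed sample data.
        # A real deployment would store password hashes, not passwords.
        self._accounts = accounts
        self._retained = {}  # (user, secondary_id) -> (retained portion, digest of full token)

    def authenticate(self, secondary_id, user, password):
        """Check the primary site's criteria; return the portion for the secondary site."""
        record = self._accounts.get(user)
        if record is None:
            return None
        stored, authorized = record
        if not (hmac.compare_digest(stored.encode(), password.encode()) and authorized):
            return None
        token = secrets.token_bytes(32)
        issued, retained = token[:16], token[16:]  # assumed split point
        self._retained[(user, secondary_id)] = (retained, hashlib.sha256(token).digest())
        return issued

    def access(self, secondary_id, user, presented):
        """Recombine the presented portion with the retained one and test the match."""
        entry = self._retained.get((user, secondary_id))
        if entry is None or not isinstance(presented, bytes):
            return False
        retained, digest = entry
        candidate = hashlib.sha256(presented + retained).digest()
        return hmac.compare_digest(candidate, digest)

    def revoke(self, secondary_id, user):
        self._retained.pop((user, secondary_id), None)

def demo():
    primary = PrimarySite({"alice": ("correct horse", True), "bob": ("hunter2", False)})
    portion = primary.authenticate("shop.example", "alice", "correct horse")
    results = {
        "first_access": primary.access("shop.example", "alice", portion),
        "repeat_access": primary.access("shop.example", "alice", portion),
        "other_secondary": primary.access("other.example", "alice", portion),
        "tampered": primary.access("shop.example", "alice", bytes(16)),
        "unauthorized_user": primary.authenticate("shop.example", "bob", "hunter2"),
    }
    primary.revoke("shop.example", "alice")
    results["after_revoke"] = primary.access("shop.example", "alice", portion)
    return results
```

In this sketch the portion held by the secondary site is useless at any other secondary site and stops working once the primary site drops its retained portion.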
29 Claims
1. A computer-implemented method to authenticate and authorize a user, the method comprising:
receiving a request for authentication and authorization of the user, from a client computer, via a secondary site on behalf of the user, the user seeking permission to access a primary site via the secondary site, via a computer network, wherein the request includes user information corresponding to the user;
verifying the user information for authenticity, wherein the verifying of the user information includes determining whether the user satisfies authentication and authorization criteria, defined by the primary site;
based on the determining that the user satisfies the authentication and authorization criteria, generating a token associated with the user using an authenticator residing at the primary site to authenticate and authorize the user;
transmitting a portion of the token from the primary site, the portion of the token to be stored at the secondary site on behalf of the user to permit the user, from the client computer, to access the primary site via the secondary site, via the computer network; and
storing another portion of the token at the primary site to match with the portion of the token at the secondary site to allow the user multiple future accesses to the primary site via the secondary site.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A computer-implemented system, the system comprising:
a client computer to receive a request from a user seeking to access a primary site via a secondary site, and to transmit the request to the secondary site via a computer network, wherein the request includes user information relating to the user; and
the primary site coupled with the secondary site over the computer network, the primary site to;
receive the request from the secondary site, the request initially received by the secondary site from the client computer;
verify the user information, the verifying of the user information including determining whether the user satisfies authentication and authorization criteria, defined by the primary site;
based on the determining that the user satisfies the authentication and authorization criteria, generate a token associated with the user using an authenticator of the primary site to authenticate and authorize the user;
transmit a portion of the token from the primary site, the portion of the token to be stored at the secondary site on behalf of the user to permit the user, from the client computer, to access the primary site via the secondary site, via the computer network; and
store another portion of the token to match with the portion of the token at the secondary site to allow the user multiple future accesses to the primary site via the secondary site.
Dependent claims: 13, 14, 15, 16, 17, 18

19. A machine-readable medium having stored thereon data representing sets of instructions which, when executed by a machine, cause the machine to perform operations comprising:
receive a request for authentication and authorization of a user, from a client computer, via a secondary site on behalf of the user seeking permission to access a primary site via the secondary site, via a computer network, wherein the request includes user information corresponding to the user;
verify the user information for authenticity, wherein the verifying of the user information includes determining whether the user satisfies authentication and authorization criteria, defined by the primary site;
based on the determining that the user satisfies the authentication and authorization criteria, generate a token associated with the user by utilizing an authenticator of the primary site to authenticate and authorize the user;
transmit a portion of the token from the primary site, the portion of the token to be stored at the secondary site on behalf of the user to permit the user, from the client computer, to access the primary site via the secondary site, via the computer network; and
store another portion of the token at the primary site to match with the portion of the token at the secondary site to allow the user multiple future accesses to the primary site via the secondary site.
Dependent claims: 20, 21, 22

23. An apparatus, comprising:
means for receiving a request from a user, the user seeking to access a primary site via a client computer;
means for transmitting the request to the primary site via a computer network, the request including user information relating to the user;
means for receiving the request from the client computer via the secondary site;
means for verifying the user information, the verifying of the user information including determining whether the user satisfies authentication and authorization criteria, defined by the primary site;
based on the determining that the user satisfies the authentication and authorization criteria, means for generating a token associated with the user by utilizing an authenticator of the primary site to authenticate and authorize the user;
means for transmitting a portion of the token from the primary site, the portion of the token to be stored at the secondary site on behalf of the user to permit the user to access the primary site via the secondary site, via the computer network; and
means for storing another portion of the token to match with the portion of the token at the secondary site to allow the user multiple future accesses to the primary site via the secondary site.
Dependent claims: 24, 25, 26, 27, 28, 29