Method and system for single signon for multiple remote sites of a computer network
First Claim
1. A system for implementing a single sign-on service for a computer network having a plurality of network servers including a first network server and a second network server, wherein each of the first and second network servers requires authentication of a remote user computer requesting access to the server, the system comprising:
- one or more computer processors;
- a database operative with at least one of the computer processors to store authentication information for authorized users of the first network server, the authentication information including usernames for the first network server and usernames for the second network server;
- a mapping component operative with at least one of the computer processors to map the usernames for the first network server to the usernames for the second network server;
- a linking component operative with at least one of the computer processors to generate an outgoing link request from the first network server, the outgoing link request including:
  - information for locating a resource of the second network server;
  - a first username received from the remote user computer and included in the authorized usernames;
  - a second username mapped from the first username by the mapping component; and
  - an encrypted component formed by encrypting information including the first username, the second username and a secret known to the first network server and the second network server; and
- one or more authenticating components, operative with at least one of the computer processors, for:
  - generating an encryption result including encrypting information including the first username and the second username of the received link request using the encryption process and the secret;
  - comparing the encryption result with the encrypted component of the received link request; and
  - logging the remote user in to the second network based on the result of comparing the encryption result with the encrypted component of the link request.
Abstract
A system and method links first and second computers of a network to implement a single signon feature. The user has a first username for accessing the first computer and a second username for accessing the second computer. The first computer generates a link request having a plaintext component including the first username and the second username and an encrypted component formed by encrypting the plaintext component using an encryption process and a secret. The link request is sent to the second computer, which validates the unencrypted information and then generates an encryption result by encrypting the unencrypted information using the encryption process and a second secret known to the second computer and associated with the first network computer. The second computer compares the encryption result with the encrypted component of the incoming link request to determine whether the link request is valid.
Claims (20 claims; 53 citations)
9. A system for implementing a single sign-on service for a computer network having a plurality of network servers including a first network server and second network server, wherein each of the first and second network servers requires authentication of a remote user computer requesting access to the server, the system comprising:
- one or more computer processors;
- a database operative with at least one of the computer processors to store authentication information for authorized users of the second network server, the authentication information including usernames for the first network server, usernames for the second network server and registration information for the second network server;
- an incoming component operative with at least one of the computer processors to accept an incoming link request, the incoming link request including:
  - information for locating a resource of the second network server;
  - an unencrypted component including a first username received from the remote user computer and verified by the first network server and a second username; and
  - an encrypted component formed by encrypting the unencrypted component using a first encryption process and a first secret known to the first network server and the second network server;
- the incoming component also being operative with at least one of the computer processors to validate the incoming link request including:
  - validating the unencrypted information including determining that there is a valid translation between the first username and the second username; then
  - generating an encryption result by applying a second encryption process to the unencrypted information using a second secret known to the incoming component and associated with the first network server, wherein the second secret and the second encryption process are selected to attempt to match the first secret and the first encryption process based on the unencrypted information; and
  - comparing the encryption result with the encrypted component of the incoming link request to determine whether the link request is valid; and
- a redirect component operative to communicate authentication information to the remote user computer.
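As an added illustration of the exchange claimed in claims 1 and 9 (not code from the patent or from any product), the first server builds the link request and the second server validates it: it checks the username translation, recomputes the keyed value over the plaintext with the secret it holds for the originating server, and compares. HMAC-SHA256 stands in for the claims' "encryption process and secret"; the usernames, resource path, server label and secrets are constructed sample values.

```python
import hmac
import hashlib
from typing import Optional

# Constructed sample data (hypothetical names, not taken from the patent).
# Per claim 9 both servers hold the first-username -> second-username mapping.
USER_MAPPING = {"alice": "alice.smith", "bob": "bob.jones"}
SECOND_SERVER_USERS = {"alice.smith", "bob.jones"}

# Secret shared by the two servers; the second server keeps one per origin.
SHARED_SECRET = b"constructed-shared-secret"
INCOMING_SECRETS = {"site-a": SHARED_SECRET}


def _canonical(resource: str, first_user: str, second_user: str) -> bytes:
    # Length-prefix each field so field boundaries cannot be shifted.
    parts = [resource, first_user, second_user]
    return b"".join(len(p).to_bytes(2, "big") + p.encode() for p in parts)


def _tag(secret: bytes, plaintext: bytes) -> str:
    # Keyed function standing in for "encrypting the plaintext with a secret".
    return hmac.new(secret, plaintext, hashlib.sha256).hexdigest()


def build_link_request(first_user: str, resource: str, origin: str = "site-a") -> dict:
    """First server: map the authenticated username, attach the keyed tag."""
    second_user = USER_MAPPING[first_user]
    plaintext = _canonical(resource, first_user, second_user)
    return {"origin": origin, "resource": resource, "first_user": first_user,
            "second_user": second_user, "tag": _tag(SHARED_SECRET, plaintext)}


def validate_link_request(req: dict) -> Optional[str]:
    """Second server: validate plaintext, recompute the tag, compare.
    Returns the username to log in, or None when the request is rejected."""
    if req["second_user"] not in SECOND_SERVER_USERS:
        return None  # not a registered user of the second server
    if USER_MAPPING.get(req["first_user"]) != req["second_user"]:
        return None  # no valid translation between the two usernames
    secret = INCOMING_SECRETS.get(req["origin"])
    if secret is None:
        return None  # unknown originating server
    plaintext = _canonical(req["resource"], req["first_user"], req["second_user"])
    if not hmac.compare_digest(_tag(secret, plaintext), req["tag"]):
        return None  # encrypted component does not match the plaintext
    return req["second_user"]
```

Like the claims, the example binds no timestamp or nonce into the tagged plaintext; a deployment should include an expiry so a link request is only honoured once and within a short window.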
Specification