Method and system for single signon for multiple remote sites of a computer network

US 7,774,612 B1
Filed: 05/11/2007
Issued: 08/10/2010
Est. Priority Date: 10/03/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A system for implementing a single sign-on service for a computer network having a plurality of network servers including a first network server and a second network server, wherein each of the first and second network servers requires authentication of a remote user computer requesting access to the server, the system comprising:

one or more computer processors;

a database operative with at least one of the computer processors to store authentication information for authorized users of the first network server, the authentication information including usernames for the first network server and usernames for the second network server;

a mapping component operative with at least one of the computer processors to map the usernames for the first network server to the usernames for the second network server;

a linking component operative with at least one of the computer processors to generate an outgoing link request from the first network server, the outgoing link request including;

information for locating a resource of the second network server;

a first username received from the remote user computer and included in the authorized usernames;

a second username mapped from the first username by the mapping component; and

an encrypted component formed by encrypting information including the first username, the second username and a secret known to the first network server and the second network server; and

one or more authenticating components, operative with at least one of the computer processors, for;

generating an encryption result including encrypting information including the first username and the second username of the received link request using the encryption process and the secret;

comparing the encryption result with the encrypted component of the received link request; and

logging the remote user in to the second network based on the result of comparing the encryption result with the encrypted component of the link request.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method links first and second computers of a network to implement a single signon feature. The use has a first username for accessing the first computer and a second username for accessing the second computer. The first computer generates a link request having a plaintext component including the first username and the second username and an encrypted component formed by encrypting the plaintext component using an encryption process and a secret. The link request is sent to the second computer, which validates the unencrypted information then generates an encryption result by encrypting the unencrypted information using the encryption process and a second secret known to the second computer and associated with the first network computer. The second computer compares the encryption result with the encrypted component of the incoming link request to determine whether the link request is valid.

53 Citations

View as Search Results

20 Claims

1. A system for implementing a single sign-on service for a computer network having a plurality of network servers including a first network server and a second network server, wherein each of the first and second network servers requires authentication of a remote user computer requesting access to the server, the system comprising:
- one or more computer processors;
  
  a database operative with at least one of the computer processors to store authentication information for authorized users of the first network server, the authentication information including usernames for the first network server and usernames for the second network server;
  
  a mapping component operative with at least one of the computer processors to map the usernames for the first network server to the usernames for the second network server;
  
  a linking component operative with at least one of the computer processors to generate an outgoing link request from the first network server, the outgoing link request including;
  
  information for locating a resource of the second network server;
  
  a first username received from the remote user computer and included in the authorized usernames;
  
  a second username mapped from the first username by the mapping component; and
  
  an encrypted component formed by encrypting information including the first username, the second username and a secret known to the first network server and the second network server; and
  
  one or more authenticating components, operative with at least one of the computer processors, for;
  
  generating an encryption result including encrypting information including the first username and the second username of the received link request using the encryption process and the secret;
  
  comparing the encryption result with the encrypted component of the received link request; and
  
  logging the remote user in to the second network based on the result of comparing the encryption result with the encrypted component of the link request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1 wherein the outgoing link requests can be in the form of a URL.
  - 3. The system of claim 1 wherein the outgoing link requests can be in the form of an HTTP URL.
  - 4. The system of claim 1 wherein the encrypted component is encrypted using a hashing function.
  - 5. The system of claim 1 wherein the hashing function is a one-way hashing function.
  - 6. The system of claim 1 wherein the outgoing link request further includes a timestamp in encrypted or unencrypted form.
  - 7. The system of claim 1 wherein the outgoing link request further includes a unique sequence number for each use of the outgoing link request and the sequence number is in encrypted or unencrypted form.
  - 8. The system of claim 1 further comprising means for redirecting the remote user computer to the second network server.

9. A system for implementing a single sign-on service for a computer network having a plurality of network servers including a first network server and second network server, wherein each of the first and second network servers requires authentication of a remote user computer requesting access to the server, the system comprising:
- one or more computer processors;
  
  a database operative with at least one of the computer processors to store authentication information for authorized users of the second network server, the authentication information including usernames for the first network server, usernames for the second network server and registration information for the second network server;
  
  an incoming component operative with at least one of the computer processors to accept an incoming link request, the incoming link request including;
  
  information for locating a resource of the second network server;
  
  an unencrypted component including a first username received from the remote user computer and verified by the first network server and a second username; and
  
  an encrypted component formed by encrypting the unencrypted component using a first encryption process and a first secret known to the first network server and the second network server;
  
  the incoming component also being operative with at least one of the computer processors to validate the incoming link request including;
  
  validating the unencrypted information including determining that there is a valid translation between the first username and the second username;
  
  then generating an encryption result by applying a second encryption process to the unencrypted information using a second secret known to the incoming component and associated with the first network server, wherein the second secret and the second encryption process are selected to attempt to match the first secret and the first encryption process based on the unencrypted information; and
  
  comparing the encryption result with the encrypted component of the incoming link request to determine whether the link request is valid; and
  
  a redirect component operative to communicate authentication information to the remote user computer.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 10. The system of claim 9 wherein the redirect component is further operative to remove visible signs of the authentication information from a redirect URL.
  - 11. The system of claim 9 wherein the incoming link request is in the form of a URL.
  - 12. The system of claim 10 wherein the incoming link request is in the form of an HTTP URL.
  - 13. The system of claim 9 wherein the encrypted component is encrypted using a hashing function.
  - 14. The system of claim 13 wherein the hashing function is a one-way hashing function.
  - 15. The system of claim 9 wherein the encrypted information includes a timestamp.
  - 16. The system of claim 9 wherein the link request includes a unique sequence number for each use of the incoming link request.
  - 17. The system of claim 9 wherein the second secret is one of a plurality of secrets, the encryption result is one of a plurality of encryption results generated using each of the plurality of secrets and the link request is determined to be valid if any of the plurality of encryption results is valid.
  - 18. The system of claim 15 wherein the link request is determined to be valid if the timestamp is within a predefined timeblock.
  - 19. The system of claim 15 wherein the encryption result is one of a plurality of encryption results, each of which is generated using one of a plurality of timestamps, and the link request is determined to be valid if the encrypted component matches any of the plurality of encryption results.
  - 20. The system of claim 16 wherein the link request is determined to be valid if the sequence number has not been used before.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Trepp LLC (Daily Mail & General Trust Plc)
Inventors
Deutschmann, Frank, Tilly, Benjamin J.
Primary Examiner(s)
Moazzami, Nasser
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US11/801,933
Time in Patent Office

1,187 Days
Field of Search

726/8, 726/1, 726/2, 726/4, 726/21, 726/27, 726/5, 726/12, 713/153, 713/168, 713/182
US Class Current

713/182
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/0815 providing single-sign-on or...

Method and system for single signon for multiple remote sites of a computer network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for single signon for multiple remote sites of a computer network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links