Single sign-on with common access card

US 7,818,582 B2
Filed: 06/27/2005
Issued: 10/19/2010
Est. Priority Date: 06/25/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

accessing user information pertaining to a user;

logging-in the user to a computer system based on the user information by verifying the user information at a verification module on a server;

creating a token at the verification module,wherein the token is a unique identifier that is only valid for the user'"'"'s current login session,wherein the token is stored on the verification module, andwherein the verification module maintains a list of currently valid tokens;

providing the token to a presentation module, wherein the presentation module presents application information to the user for applications that the user is allowed to access and allows the user to select one of the applications that the user is allowed to access;

receiving a request from the user to access a first application on the computer system,wherein the first application has a first ordinary login requirement that ordinarily requires users to login in order to access the first application, andwherein the first application comprises a first token interface;

in response to receiving the request to access the first application, the presentation module providing the token to the first token interface;

the first token interface verifying the token by communicating with the verification module on the server;

receiving a request from the user to access a second application, the second application having a second ordinary login requirement that ordinarily requires the users to login in order to access the second application;

in response to receiving the request to access the second application, the presentation module providing the token to a second token interface,wherein the presentation module comprises the second token interface, andwherein the second token interface is coupled to the second application;

the second token interface verifying the token by communicating with the verification module on the server;

in response to the second token interface verifying the token, a ticket module generating a ticket that allows the user to bypass the second ordinary login requirement; and

providing the user access to the first and second applications.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism eliminates the number of times a user must login to individual services after initially logging into a computer system. A user only logs once into a computer system, and subsequent login requests by multiple services are handled automatically and transparently by the system. In one implementation, a user need only present a card to a card reader and enter a PIN, and the user is logged-in after presenting the card and a valid PIN. The system generates a token that is valid for this particular login session of the user, and when the user accesses a permissioned service, the system automatically logs-in the user to the application using the token. The system can perform the automatic login the user to a variety of applications including legacy applications, web-enabled applications, and commercial, off-the-shelf applications.

41 Citations

View as Search Results

25 Claims

1. A method comprising:
- accessing user information pertaining to a user;
  
  logging-in the user to a computer system based on the user information by verifying the user information at a verification module on a server;
  
  creating a token at the verification module,wherein the token is a unique identifier that is only valid for the user'"'"'s current login session,wherein the token is stored on the verification module, andwherein the verification module maintains a list of currently valid tokens;
  
  providing the token to a presentation module, wherein the presentation module presents application information to the user for applications that the user is allowed to access and allows the user to select one of the applications that the user is allowed to access;
  
  receiving a request from the user to access a first application on the computer system,wherein the first application has a first ordinary login requirement that ordinarily requires users to login in order to access the first application, andwherein the first application comprises a first token interface;
  
  in response to receiving the request to access the first application, the presentation module providing the token to the first token interface;
  
  the first token interface verifying the token by communicating with the verification module on the server;
  
  receiving a request from the user to access a second application, the second application having a second ordinary login requirement that ordinarily requires the users to login in order to access the second application;
  
  in response to receiving the request to access the second application, the presentation module providing the token to a second token interface,wherein the presentation module comprises the second token interface, andwherein the second token interface is coupled to the second application;
  
  the second token interface verifying the token by communicating with the verification module on the server;
  
  in response to the second token interface verifying the token, a ticket module generating a ticket that allows the user to bypass the second ordinary login requirement; and
  
  providing the user access to the first and second applications.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - receiving a request from the user to access a third application on the computer system,wherein the third application has a third ordinary login requirement that ordinarily requires users to login in order to access the third application through an application portal, andwherein the application portal comprises a third token interface;
      
      in response to receiving the request to access the third application, the presentation module providing the token to the third token interface;
      
      the third token interface verifying the token by communicating with the verification module on the server; and
      
      providing the user access to the third application.
  - 3. The method of claim 1, further comprising using stored user information to login the user to the first and second applications.
  - 4. The method of claim 1, wherein accessing user information pertaining to the user comprises accessing information from a common access card.
  - 5. The method of claim 1, further comprising providing the user a single sign-on feature for all applications that the user has rights to access on the computer system.
  - 6. The method of claim 1, wherein the presentation module provides a common portal presentation to all users of the computer system.

7. A system comprising:
- a verification module configured to generate a token after authentication of a user;
  
  a presentation module configured to present application information to the user for applications that the user is allowed to access and configured to allow the user to select one of the applications that the user is allowed to access,a first application configured to receive the token and to verify the validity of the token by interfacing with the verification module,wherein the first application has a first ordinary login requirement that ordinarily requires users to login in order to access the first application, andwherein the first application comprises a first token interface configured to provide access to the user based on the verification of the token;
  
  a second token interface coupled to a second application and configured to receive the token, to verify the token by interfacing with the verification module, and to provide access to the user based on the verification of the token;
  
  wherein the second application has a second ordinary login requirement that ordinarily requires the users to login in order to access the second application, andwherein the presentation module comprises the second token interface; and
  
  wherein the second token interface is coupled to the second application;
  
  a ticket module associated with the second application and coupled to the second token interface,wherein the ticket module is further configured to generate a ticket after the second token interface verifies the token,wherein the ticket is configured to allow the user to bypass the second ordinary login requirement, andwherein the second application is configured to receive the ticket and allow access to the user based on the receipt of the ticket.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, further comprising an application portal comprising a third token interface, the third token interface coupled to a third application and configured to receive the token and to allow the user access to the third application through the application portal based on the receipt of the token.
  - 9. The system of claim 7, wherein the presentation module is configured to provide a common portal presentation to all users of the computer system.
  - 10. The system of claim 7, wherein the token is a unique identifier that is only valid for the user'"'"'s current login session.
  - 11. The system of claim 7, wherein the token is stored on the verification module, and wherein the verification module maintains a list of currently valid tokens.

12. A computer program product comprising one of more computer-readable media, the media collectively having instructions that when executed on one or more machines result in at least the following:
- accessing user information pertaining to a user;
  
  logging-in the user to a computer system based on the user information by verifying the user information at a verification module on a server;
  
  creating a token at the verification module,wherein the token is a unique identifier that is only valid for the user'"'"'s current login session,wherein the token is stored on the verification module, andwherein the verification module maintains a list of currently valid tokens;
  
  providing the token to a presentation module, wherein the presentation module presents application information to the user for applications that the user is allowed to access and allows the user to select one of the applications that the user is allowed to access;
  
  receiving a request from the user to access a first application on the computer system,wherein the first application has a first ordinary login requirement that ordinarily requires users to login in order to access the first application, andwherein the first application comprises a first token interface;
  
  in response to receiving the request to access the first application, the presentation module providing the token to the first token interface;
  
  the first token interface verifying the token by communicating with the verification module on the server;
  
  receiving a request from the user to access a second application, the second application having a second ordinary login requirement that ordinarily requires the users to login in order to access the second application;
  
  in response to receiving the request to access the second application, the presentation module providing the token to a second token interface,wherein the presentation module comprises the second token interface, andwherein the second token interface is coupled to the second application;
  
  the second token interface verifying the token by communicating with the verification module on the server;
  
  in response to the second token interface verifying the second token, a ticket module generating a ticket that allows the user to bypass the second ordinary login requirement; and
  
  providing the user access to the first and second applications.
- View Dependent Claims (13)
- - 13. The computer program product of claim 12, wherein the computer-readable media further have instructions that when executed on one or more machines result in at least the following:
    - receiving a request from the user to access a third application on the computer system,wherein the third application has a third ordinary login requirement that ordinarily requires users to login in order to access the third application through an application portal, andwherein the application portal comprises a third token interface;
      
      in response to receiving the request to access the third application, the presentation module providing the token to the third token interface;
      
      the third token interface verifying the token by communicating with the verification module on the server; and
      
      providing the user access to the third application.

14. A method comprising:
- accessing user information pertaining to a user;
  
  logging-in the user to a computer system based on the user information by verifying the user information at a verification module on a server;
  
  creating a plurality of tokens at the verification module for accessing a plurality of applications and providing at least one of the tokens to a presentation module;
  
  wherein the presentation module presents application information to the user for applications that the user is allowed to access and allows the user to select one of the applications that the user is allowed to access;
  
  wherein each of the tokens is a unique identifier for allowing access to an application associated therewith; and
  
  wherein each of the applications has a token interface associated therewith for token verification, wherein the associated token interface couples the user to a selected application with a coupling that comprises one of the following;
  
  the associated token interface comprises an interface in the selected application;
  
  the associated token interface comprises an interface in the presentation module and is coupled to the selected application through a tickets module that, in response to the token verification, generates a ticket that allows the user to bypass the second ordinary login requirement; and
  
  the associated token interface is associated with an application portal coupled to the selected application;
  
  receiving a request from the user to access a first application;
  
  in response to receiving the request to access the first application, the presentation module providing a first token to a first token interface associated with the first application;
  
  the first token interface verifying the first token by communicating with the verification module on the server;
  
  receiving a request from the user to access a second application;
  
  in response to receiving the request to access the second application, the presentation module providing a second token to a second token interface having a different coupling than the first token interface;
  
  the second token interface verifying the second token by communicating with the verification module on the server; and
  
  providing the user access to the first and second applications.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, wherein the tokens are stored on the verification module, and wherein the verification module maintains a list of currently valid tokens.
  - 16. The method of claim 14, further comprising using stored user information to login the user to the first and second applications.
  - 17. The method of claim 14, further comprising providing the user a single sign-on feature for all applications that the user has rights to access on the computer system.
  - 18. The method of claim 17, wherein the presentation module provides a common portal presentation to all users of the computer system.

19. A system comprising:
- a verification module configured to generate a plurality of tokens for accessing a plurality of applications after authentication of a user,wherein each of the tokens is a unique identifier for allowing access to an application associated therewith,a presentation module configured to present application information to the user for applications that the user is allowed to access and configured to allow the user to select one of the applications that the user is allowed to access, anda plurality of token interfaces associated with the plurality of applications for verifying the plurality of tokens,wherein each of the token interfaces is configured to couple the user to an associated application with a coupling that comprises one of the following;
  
  the associated token interface comprises an interface in the associated application;
  
  the associated token interface comprises an interface in the presentation module and is coupled to the associated application through a tickets module that, in response to token verification, generates a ticket that allows the user to bypass the second ordinary login requirement; and
  
  the associated token interface is associated with an application portal coupled to the associated application; and
  
  a first token interface associated with a first application configured to receive a token and to verify the validity of the token by interfacing with the verification module; and
  
  a second token interface associated with a second application and configured to receive the token, to verify the token by interfacing with the verification module, and to provide access to the user based on the verification of the token, the second token interface having a different coupling than the first token interface.
- View Dependent Claims (20, 21)
- - 20. The system of claim 19, wherein the verification module is further configured to store the tokens and to maintain a list of currently valid tokens.
  - 21. The system of claim 19, wherein the presentation module is further configured to provide a common portal presentation to the user.

22. A computer program product comprising one of more computer-readable media, the media collectively having instructions that when executed on one or more machines result in at least the following:
- accessing user information pertaining to a user;
  
  logging-in the user to a computer system based on the user information by verifying the user information at a verification module on a server;
  
  creating a plurality of tokens at the verification module for accessing a plurality of applications and providing at least one of the tokens to a presentation module;
  
  wherein the presentation module presents application information to the user for applications that the user is allowed to access and allows the user to select one of the applications that the user is allowed to access;
  
  wherein each of the tokens is a unique identifier for allowing access to an application associated therewith; and
  
  wherein each of the applications has a token interface associated therewith for token verification, wherein the associated token interface couples the user to a selected application with a coupling that comprises one of the following;
  
  the associated token interface comprises an interface in the selected application;
  
  the associated token interface comprises an interface in the presentation module and is coupled to the selected application through a tickets module that, in response to the token verification, generates a ticket that allows the user to bypass the second ordinary login requirement; and
  
  the associated token interface is associated with an application portal coupled to the selected application;
  
  receiving a request from the user to access a first application;
  
  in response to receiving the request to access the first application, the presentation module providing a first token to a first token interface associated with the first application;
  
  the first token interface verifying the first token by communicating with the verification module on the server;
  
  receiving a request from the user to access a second application;
  
  in response to receiving the request to access the second application, the presentation module providing a second token to a second token interface having a different coupling than the first token interface;
  
  the second token interface verifying the second token by communicating with the verification module on the server; and
  
  providing the user access to the first and second applications.
- View Dependent Claims (23, 24, 25)
- - 23. The computer program product of claim 22, further comprising instructions that when executed on one or more machines result in storing the tokens on the verification module, wherein the verification module maintains a list of currently valid tokens.
  - 24. The computer program product of claim 22, further comprising instructions that when executed on one or more machines result in providing the user a single sign-on feature for all applications that the user has rights to access on the computer system.
  - 25. The computer program product of claim 22, further comprising instructions that when executed on one or more machines result in the presentation module providing a common portal presentation to all users of the computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services Limited (Accenture PLC)
Original Assignee
Accenture Global Services GmbH (Accenture PLC)
Inventors
Jewell, Andrew W., Marion, Donald E.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
TABOR, AMARE F

Application Number

US11/166,343
Publication Number

US 20060031683A1
Time in Patent Office

1,940 Days
Field of Search

726/8, 713/168, 713/185
US Class Current

713/185
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

Single sign-on with common access card

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign-on with common access card

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links