Single sign-on with common access card
First Claim
1. A method comprising:
accessing user information pertaining to a user;
logging-in the user to a computer system based on the user information by verifying the user information at a verification module on a server;
creating a token at the verification module, wherein the token is a unique identifier that is only valid for the user's current login session, wherein the token is stored on the verification module, and wherein the verification module maintains a list of currently valid tokens;
providing the token to a presentation module, wherein the presentation module presents application information to the user for applications that the user is allowed to access and allows the user to select one of the applications that the user is allowed to access;
receiving a request from the user to access a first application on the computer system, wherein the first application has a first ordinary login requirement that ordinarily requires users to login in order to access the first application, and wherein the first application comprises a first token interface;
in response to receiving the request to access the first application, the presentation module providing the token to the first token interface;
the first token interface verifying the token by communicating with the verification module on the server;
receiving a request from the user to access a second application, the second application having a second ordinary login requirement that ordinarily requires the users to login in order to access the second application;
in response to receiving the request to access the second application, the presentation module providing the token to a second token interface, wherein the presentation module comprises the second token interface, and wherein the second token interface is coupled to the second application;
the second token interface verifying the token by communicating with the verification module on the server;
in response to the second token interface verifying the token, a ticket module generating a ticket that allows the user to bypass the second ordinary login requirement; and
providing the user access to the first and second applications.
Abstract
A mechanism reduces the number of times a user must log in to individual services after initially logging into a computer system. A user logs into the computer system only once, and subsequent login requests by multiple services are handled automatically and transparently by the system. In one implementation, a user need only present a card to a card reader and enter a PIN; the user is logged in once the card and a valid PIN have been presented. The system generates a token that is valid for this particular login session of the user, and when the user accesses a permissioned service, the system automatically logs the user in to the application using the token. The system can automatically log the user in to a variety of applications, including legacy applications, web-enabled applications, and commercial, off-the-shelf applications.
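The token flow summarized in the abstract, as an added sketch that is not code from the patent or any product implementing it: a verification module keeps the list of valid tokens, each token interface checks a token by asking that module, and a ticket module covers an application that keeps its own login. All class and method names, the per-application check inside `verify`, the token lifetime cap and the single-use ticket are assumptions made for illustration.

```python
import secrets
import time


class VerificationModule:
    """Server side: issues session tokens and keeps the list of valid ones."""

    def __init__(self, ttl_seconds=900):      # lifetime cap is an assumption
        self._valid = {}                       # token -> (user, apps, expiry)
        self._ttl = ttl_seconds

    def login(self, user, allowed_apps):
        # Card and PIN checking is assumed to have succeeded before this call.
        token = secrets.token_urlsafe(32)      # opaque, unguessable identifier
        expiry = time.monotonic() + self._ttl
        self._valid[token] = (user, frozenset(allowed_apps), expiry)
        return token

    def verify(self, token, app):
        """Return the user name if the token is live and covers app, else None."""
        user, apps, expiry = self._valid.get(token, (None, frozenset(), 0.0))
        if user is None or time.monotonic() >= expiry:
            self._valid.pop(token, None)       # drop unknown or expired entries
            return None
        return user if app in apps else None

    def logout(self, token):
        self._valid.pop(token, None)           # session over: token dies with it


class TokenInterface:
    """Front door of one application; never trusts a token without asking."""

    def __init__(self, app, verifier):
        self.app, self.verifier = app, verifier

    def admit(self, token):
        return self.verifier.verify(token, self.app)


class TicketModule:
    """For an application that keeps its own login: mints a one-time ticket."""

    def __init__(self):
        self._tickets = {}

    def issue(self, user):
        ticket = secrets.token_urlsafe(16)
        self._tickets[ticket] = user
        return ticket

    def redeem(self, ticket):
        return self._tickets.pop(ticket, None)  # single use, then gone
```

Because every `admit` call goes back to the verification module, removing a token from the server-side list at logout revokes access in all applications at once.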
25 Claims
1. A method comprising:
accessing user information pertaining to a user;
logging-in the user to a computer system based on the user information by verifying the user information at a verification module on a server;
creating a token at the verification module, wherein the token is a unique identifier that is only valid for the user's current login session, wherein the token is stored on the verification module, and wherein the verification module maintains a list of currently valid tokens;
providing the token to a presentation module, wherein the presentation module presents application information to the user for applications that the user is allowed to access and allows the user to select one of the applications that the user is allowed to access;
receiving a request from the user to access a first application on the computer system, wherein the first application has a first ordinary login requirement that ordinarily requires users to login in order to access the first application, and wherein the first application comprises a first token interface;
in response to receiving the request to access the first application, the presentation module providing the token to the first token interface;
the first token interface verifying the token by communicating with the verification module on the server;
receiving a request from the user to access a second application, the second application having a second ordinary login requirement that ordinarily requires the users to login in order to access the second application;
in response to receiving the request to access the second application, the presentation module providing the token to a second token interface, wherein the presentation module comprises the second token interface, and wherein the second token interface is coupled to the second application;
the second token interface verifying the token by communicating with the verification module on the server;
in response to the second token interface verifying the token, a ticket module generating a ticket that allows the user to bypass the second ordinary login requirement; and
providing the user access to the first and second applications.
View Dependent Claims (2, 3, 4, 5, 6)

7. A system comprising:
a verification module configured to generate a token after authentication of a user;
a presentation module configured to present application information to the user for applications that the user is allowed to access and configured to allow the user to select one of the applications that the user is allowed to access,
a first application configured to receive the token and to verify the validity of the token by interfacing with the verification module, wherein the first application has a first ordinary login requirement that ordinarily requires users to login in order to access the first application, and wherein the first application comprises a first token interface configured to provide access to the user based on the verification of the token;
a second token interface coupled to a second application and configured to receive the token, to verify the token by interfacing with the verification module, and to provide access to the user based on the verification of the token;
wherein the second application has a second ordinary login requirement that ordinarily requires the users to login in order to access the second application, and wherein the presentation module comprises the second token interface; and wherein the second token interface is coupled to the second application;
a ticket module associated with the second application and coupled to the second token interface, wherein the ticket module is further configured to generate a ticket after the second token interface verifies the token, wherein the ticket is configured to allow the user to bypass the second ordinary login requirement, and wherein the second application is configured to receive the ticket and allow access to the user based on the receipt of the ticket.
View Dependent Claims (8, 9, 10, 11)

12. A computer program product comprising one or more computer-readable media, the media collectively having instructions that when executed on one or more machines result in at least the following:
accessing user information pertaining to a user;
logging-in the user to a computer system based on the user information by verifying the user information at a verification module on a server;
creating a token at the verification module, wherein the token is a unique identifier that is only valid for the user's current login session, wherein the token is stored on the verification module, and wherein the verification module maintains a list of currently valid tokens;
providing the token to a presentation module, wherein the presentation module presents application information to the user for applications that the user is allowed to access and allows the user to select one of the applications that the user is allowed to access;
receiving a request from the user to access a first application on the computer system, wherein the first application has a first ordinary login requirement that ordinarily requires users to login in order to access the first application, and wherein the first application comprises a first token interface;
in response to receiving the request to access the first application, the presentation module providing the token to the first token interface;
the first token interface verifying the token by communicating with the verification module on the server;
receiving a request from the user to access a second application, the second application having a second ordinary login requirement that ordinarily requires the users to login in order to access the second application;
in response to receiving the request to access the second application, the presentation module providing the token to a second token interface, wherein the presentation module comprises the second token interface, and wherein the second token interface is coupled to the second application;
the second token interface verifying the token by communicating with the verification module on the server;
in response to the second token interface verifying the second token, a ticket module generating a ticket that allows the user to bypass the second ordinary login requirement; and
providing the user access to the first and second applications.
View Dependent Claims (13)

14. A method comprising:
accessing user information pertaining to a user;
logging-in the user to a computer system based on the user information by verifying the user information at a verification module on a server;
creating a plurality of tokens at the verification module for accessing a plurality of applications and providing at least one of the tokens to a presentation module;
wherein the presentation module presents application information to the user for applications that the user is allowed to access and allows the user to select one of the applications that the user is allowed to access;
wherein each of the tokens is a unique identifier for allowing access to an application associated therewith; and
wherein each of the applications has a token interface associated therewith for token verification, wherein the associated token interface couples the user to a selected application with a coupling that comprises one of the following;
the associated token interface comprises an interface in the selected application;
the associated token interface comprises an interface in the presentation module and is coupled to the selected application through a tickets module that, in response to the token verification, generates a ticket that allows the user to bypass the second ordinary login requirement; and
the associated token interface is associated with an application portal coupled to the selected application;
receiving a request from the user to access a first application;
in response to receiving the request to access the first application, the presentation module providing a first token to a first token interface associated with the first application;
the first token interface verifying the first token by communicating with the verification module on the server;
receiving a request from the user to access a second application;
in response to receiving the request to access the second application, the presentation module providing a second token to a second token interface having a different coupling than the first token interface;
the second token interface verifying the second token by communicating with the verification module on the server; and
providing the user access to the first and second applications.
View Dependent Claims (15, 16, 17, 18)

19. A system comprising:
a verification module configured to generate a plurality of tokens for accessing a plurality of applications after authentication of a user, wherein each of the tokens is a unique identifier for allowing access to an application associated therewith,
a presentation module configured to present application information to the user for applications that the user is allowed to access and configured to allow the user to select one of the applications that the user is allowed to access, and
a plurality of token interfaces associated with the plurality of applications for verifying the plurality of tokens, wherein each of the token interfaces is configured to couple the user to an associated application with a coupling that comprises one of the following;
the associated token interface comprises an interface in the associated application;
the associated token interface comprises an interface in the presentation module and is coupled to the associated application through a tickets module that, in response to token verification, generates a ticket that allows the user to bypass the second ordinary login requirement; and
the associated token interface is associated with an application portal coupled to the associated application; and
a first token interface associated with a first application configured to receive a token and to verify the validity of the token by interfacing with the verification module; and
a second token interface associated with a second application and configured to receive the token, to verify the token by interfacing with the verification module, and to provide access to the user based on the verification of the token, the second token interface having a different coupling than the first token interface.
View Dependent Claims (20, 21)

22. A computer program product comprising one or more computer-readable media, the media collectively having instructions that when executed on one or more machines result in at least the following:
accessing user information pertaining to a user;
logging-in the user to a computer system based on the user information by verifying the user information at a verification module on a server;
creating a plurality of tokens at the verification module for accessing a plurality of applications and providing at least one of the tokens to a presentation module;
wherein the presentation module presents application information to the user for applications that the user is allowed to access and allows the user to select one of the applications that the user is allowed to access;
wherein each of the tokens is a unique identifier for allowing access to an application associated therewith; and
wherein each of the applications has a token interface associated therewith for token verification, wherein the associated token interface couples the user to a selected application with a coupling that comprises one of the following;
the associated token interface comprises an interface in the selected application;
the associated token interface comprises an interface in the presentation module and is coupled to the selected application through a tickets module that, in response to the token verification, generates a ticket that allows the user to bypass the second ordinary login requirement; and
the associated token interface is associated with an application portal coupled to the selected application;
receiving a request from the user to access a first application;
in response to receiving the request to access the first application, the presentation module providing a first token to a first token interface associated with the first application;
the first token interface verifying the first token by communicating with the verification module on the server;
receiving a request from the user to access a second application;
in response to receiving the request to access the second application, the presentation module providing a second token to a second token interface having a different coupling than the first token interface;
the second token interface verifying the second token by communicating with the verification module on the server; and
providing the user access to the first and second applications.
View Dependent Claims (23, 24, 25)

Specification