System and method for delegating a user authentication process for a networked application to an authentication agent

US 7,877,492 B2
Filed: 02/26/2004
Issued: 01/25/2011
Est. Priority Date: 10/12/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for authenticating a particular user of a networked application, wherein the networked application has a client side and a server side, the method implemented by the server side of the networked application and comprising:

receiving authentication information for said particular user from the client side of the networked application;

storing information about a plurality of users, a plurality of groups, and a plurality of authentication agents, wherein said particular user is one of said plurality of users and the stored information indicates which of the plurality of users are members of which of the plurality of groups and which of the plurality of authentication agents are associated with which of the plurality of groups;

using the authentication information received from the client side of the networked application to access the stored information to identify in which of the plurality of groups said particular user is a member and to identify which of the plurality of authentication agents is associated with the identified group;

passing the authentication information to the identified authentication agent that is associated with the identified group in which said particular user is a member;

receiving from the identified authentication agent results of an authentication attempt by the identified authentication agent; and

authorizing the user of the networked application to access the networked application if the authentication attempt was successful.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for delegating a user authentication process for a networked application to an authentication proxy. A networked application may request a user to provide authentication information in order to access the application. Upon receiving this authentication information from the user, the client side of the networked application sends the information to the server side of the networked application. The server side of the application may then determine an appropriate authentication agent associated with the user to delegate the authentication process to. For example, for each application user, the server side of the application may maintain information associated with the user, such as the user'"'"'s employer. The application may then match this employer information to an authentication agent running in the employer'"'"'s network domain, and the authentication process may then be delegated to this authentication agent.

104 Citations

View as Search Results

14 Claims

1. A method for authenticating a particular user of a networked application, wherein the networked application has a client side and a server side, the method implemented by the server side of the networked application and comprising:
- receiving authentication information for said particular user from the client side of the networked application;
  
  storing information about a plurality of users, a plurality of groups, and a plurality of authentication agents, wherein said particular user is one of said plurality of users and the stored information indicates which of the plurality of users are members of which of the plurality of groups and which of the plurality of authentication agents are associated with which of the plurality of groups;
  
  using the authentication information received from the client side of the networked application to access the stored information to identify in which of the plurality of groups said particular user is a member and to identify which of the plurality of authentication agents is associated with the identified group;
  
  passing the authentication information to the identified authentication agent that is associated with the identified group in which said particular user is a member;
  
  receiving from the identified authentication agent results of an authentication attempt by the identified authentication agent; and
  
  authorizing the user of the networked application to access the networked application if the authentication attempt was successful.
- View Dependent Claims (2, 3, 4, 5, 6, 13)
- - 2. The method of claim 1, wherein the authentication information passed to the authentication agent comprises account information for said particular user of the networked application.
  - 3. The method of claim 2, wherein the account information for said particular user of the networked application comprises a username and password.
  - 4. The method of claim 1, wherein the group in which said particular user of the networked application is a member is the particular user'"'"'s employer.
  - 5. The method of claim 2, wherein the network computer system is a network computer system from the group consisting of:
    - a Windows NT system and a Unix system.
  - 6. The method of claim 1, further comprising:
    - before accessing the resource, determining whether the server side of the networked application stores authentication credentials for said particular user of the networked application;
      
      if authentication credentials for said particular user of the networked application are not stored by the server side of the networked application, proceeding with authentication by finding the appropriate authentication agent.
  - 13. The method of claim 1, wherein the authentication information for said particular user does not explicitly identify in which of the plurality of groups said particular user is a member.

7. A computer system for authenticating a particular user of a networked application, said networked application having a sever side and a client side, the computer system implementing the server side of the networked application and comprising:
- one or more hardware computers including a hardware memory system;
  
  storing code which when run by the one or more hardware computers causes the computer system to;
  
  receive authentication information for said particular user from the client side of the networked application;
  
  access stored information about a plurality of users, a plurality of groups, and a plurality of authentication agents, wherein said particular user is one of said plurality of users and the stored information indicates which of the plurality of users are members of which of the plurality of groups and which of the plurality of authentication agents are associated with which of the plurality of groups;
  
  use the authentication information received from the client side of the networked application and the stored information to identify in which of the plurality of groups said particular user is a member and to identify which of the plurality of authentication agents is associated with the identified group;
  
  pass the authentication information to the identified authentication agent that is associated with the identified group in which said particular user is a member;
  
  receive from the identified authentication agent results of an authentication attempt by the identified authentication agent; and
  
  authorize the user of the networked application to access the networked application if the authentication attempt was successful.
- View Dependent Claims (8, 9, 10, 11, 12, 14)
- - 8. The system of claim 7, wherein the authentication information passed to the authentication agent comprises account information for said particular user of the networked application.
  - 9. The system of claim 8, wherein the account information for said particular user of the networked application comprises a username and password.
  - 10. The system of claim 7, wherein the group of which said particular user of the networked application is a member is the particular user'"'"'s employer.
  - 11. The system of claim 8, wherein the one or more hardware computers is from the group consisting of:
    - a Windows NT system and a Unix system.
  - 12. The system of claim 7, further comprising a memory storing authentication credentials for the plurality of users;
    - wherein the code stored on the hardware memory system further causes the computer system to;
      
      access the memory in order to determine whether the memory stores authentication credentials for said particular user of the networked application;
      
      attempt to authenticate the user of the networked application using the stored authentication credentials for said particular user of the networked application if authentication credentials for said particular user are stored on the memory; and
      
      pass the authentication information to the authentication agent in order to authenticate said particular user of the networked application if authentication credentials for said particular user of the networked application are not stored on the memory.
  - 14. The system of claim 7, wherein the authentication information for said particular user does not explicitly identify in which of the plurality of groups said particular user is a member.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WebMD Health Corporation
Original Assignee
WebMD Health Corporation
Inventors
Speeter, Tom, Chawla, Rajeev, Framba, Marco, Talla, Venky
Primary Examiner(s)
Dennison; J Bret

Application Number

US10/787,983
Publication Number

US 20040168090A1
Time in Patent Office

2,525 Days
Field of Search

709201-253, 713150-194, 726/12, 726/4
US Class Current

709/229
CPC Class Codes

H04L 63/0281 Proxies

System and method for delegating a user authentication process for a networked application to an authentication agent

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

104 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for delegating a user authentication process for a networked application to an authentication agent

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

104 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links