Single-sign-on method based on markup language and system using the method
Abstract
A single-sign-on method in a wired/wireless hybrid environment and a system using the method are provided. The single-sign-on method includes: requesting user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator; generating authentication domain location information including location information of a current domain and information required for processing a user authentication message and transmitting the generated authentication domain location information to the user; and if an authentication message of a markup language format is received from the authentication message generator, analyzing the user authentication message and permitting or rejecting access of the user to resources.
42 Claims
1. A single-sign-on method based on a markup language, the method comprising:
- requesting, by an authentication agent server, user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator;
- generating authentication domain location information including location information of a current domain and information required for processing a user authentication message and transmitting the authentication domain location information to the user; and
- receiving, by the authentication agent server, the user authentication message, which has a markup language format, from the authentication message generator, and permitting or rejecting access of a mobile device of the user to resources based on the user authentication message,
- wherein the information required for processing the user authentication message includes a pointer indicating the user authentication message stored in the current domain, and
- wherein the authentication agent server is in the current domain and the authentication message generator is separate from the current domain.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A single-sign-on method based on a security assertion markup language (SAML), the method comprising:
- requesting, by an authentication agent server, user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator;
- generating an SAML artifact including location information of a current domain and information required for processing an SAML authentication assertion and transmitting the SAML artifact which is generated to the user; and
- receiving, by the authentication agent server, the SAML authentication assertion from the user authentication message generator, and permitting or rejecting access of a mobile device of the user to resources based on the SAML authentication assertion,
- wherein the information required for processing the SAML authentication assertion includes a pointer indicating the SAML authentication assertion stored in the current domain, and
- wherein the authentication agent server is in the current domain and the authentication message generator is separate from the current domain.

Dependent claims: 10, 11, 12, 13
14. A method of a single-sign-on based on a markup language, the method comprising:
- a mobile device transmitting, to an authentication agent server in a first domain, information required for authentication in order to access service resources of the first domain providing a wired Internet service through wireless Internet;
- the mobile device receiving authentication domain location information including location information of the first domain and information required for processing a user authentication message generated by an authentication message generator; and
- the mobile device accessing service resources of the first domain,
- wherein the information required for processing the user authentication message includes a pointer indicating the user authentication message stored in the first domain, and
- wherein the authentication message generator is separate from the first domain.

Dependent claims: 15, 16, 17
18. A single-sign-on method based on a security assertion markup language (SAML), the method comprising:
- a mobile device transmitting, to an authentication agent server in a first domain, information required for authentication in order to access service resources of the first domain providing a wired Internet service through wireless Internet;
- the mobile device receiving an SAML artifact including location information of the first domain and information required for processing an SAML authentication assertion generated by an authentication message generator; and
- the mobile device accessing service resources of the first domain,
- wherein the information required for processing the SAML authentication assertion includes a pointer indicating the SAML authentication assertion stored in the first domain, and
- wherein the authentication message generator is separate from the first domain.

Dependent claims: 19, 20, 21
22. A single-sign-on method based on a markup language, the method comprising:
- receiving authentication domain location information including location information of a first domain, which has authenticated a user using wireless Internet, and information required for processing a user authentication message generated by an authentication message generator;
- requesting, by an authentication agent server in a second domain, authentication information of the user by transmitting the received authentication domain location information to the first domain, which has authenticated the user; and
- receiving, by the authentication agent server in the second domain, the user authentication message which has a markup language format from the first domain, which has authenticated the user, and permitting or rejecting access of a mobile device of the user to resources based on the user authentication message,
- wherein the information required for processing the user authentication message includes a pointer indicating the user authentication message stored in the first domain, which has authenticated the user, and
- wherein the authentication message generator is separate from the first domain and the second domain.

Dependent claims: 23, 24, 25, 26
27. A single-sign-on method based on a security assertion markup language (SAML), the method comprising:
- receiving an SAML artifact including location information of a first domain, which has authenticated a user using wireless Internet, and information required for an SAML authentication assertion generated by an authentication message generator;
- requesting, by an authentication agent server in a second domain, authentication information of the user by transmitting the received SAML artifact to the first domain, which has authenticated the user; and
- receiving, by the authentication agent server in the second domain, the SAML authentication assertion from the first domain, which has authenticated the user, and permitting or rejecting access of a mobile device of the user to resources based on the SAML authentication assertion,
- wherein the information required for processing the SAML authentication assertion includes a pointer indicating the SAML authentication assertion stored in the first domain, which has authenticated the user, and
- wherein the authentication message generator is separate from the first domain and the second domain.

Dependent claims: 28, 29, 30, 31
32. A single-sign-on system based on a markup language, the system comprising:
- a plurality of domains which provide service resources to a mobile device of a user using wireless Internet through a gateway performing wired or wireless protocol transformation; and
- an authentication message generator which receives information required for user authentication from an authentication agent server in a first domain of the plurality of domains, authenticates the user, generates an authentication message which has a markup language format, and transmits the authentication message to the authentication agent server in the first domain,
- wherein the first domain, which has received the authentication message, permits or rejects access of the mobile device of the user to service resources based on the user authentication message, generates authentication domain location information including its own location information and information required for processing the user authentication message, transmits the generated authentication domain location information to the mobile device of the user, and transmits the authentication message to a second domain of the plurality of domains if a request for authentication information of the user is received from the second domain,
- wherein the information required for processing the user authentication message includes a pointer indicating the user authentication message stored in the first domain, and
- wherein the authentication message generator is separate from the first domain.

Dependent claims: 33, 34, 35, 36
37. A single-sign-on system based on a security assertion markup language (SAML), the system comprising:
- a plurality of domains which provide service resources to a mobile device of a user using wireless Internet through a gateway performing wired or wireless protocol transformation; and
- an authentication message generator which receives information required for user authentication from an authentication agent server in a first domain of the plurality of domains, authenticates the user, generates an SAML authentication assertion, and transmits the SAML authentication assertion to the authentication agent server in the first domain,
- wherein the first domain, which has received the SAML authentication assertion, permits or rejects access of the mobile device of the user to service resources based on the SAML authentication assertion, generates an SAML artifact including its own location information and information required for processing the SAML authentication assertion, transmits the SAML artifact to the mobile device of the user, and if a request for the user authentication is received from a second domain using the SAML artifact, transmits the SAML authentication assertion to the second domain of the plurality of domains only if it determined that the SAML artifact is neither counterfeited nor altered as a result of checking an integrity of the SAML artifact,
- wherein the information required for processing the SAML authentication assertion includes a pointer indicating the SAML authentication assertion stored in the first domain, and
- wherein the authentication message generator is separate from the first domain.

Dependent claims: 38, 39, 40, 41
42. A computer-readable recording medium having recorded thereon a computer-readable program for performing a single-sign-on method based on a markup language, the method comprising:
- requesting, by an authentication agent server, user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator;
- generating authentication domain location information including location information of a current domain and information required for processing a user authentication message and transmitting the authentication domain location information to the user; and
- receiving, by the authentication agent server, an authentication message which has a markup language format from the authentication message generator, and permitting or rejecting access of the user to resources based on the user authentication message,
- wherein the information required for processing the user authentication message includes a pointer indicating the user authentication message stored in the current domain, and
- wherein the authentication agent server is in the current domain and the authentication message generator is separate from the current domain.
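
Claim 37 has the first domain release the stored assertion to a second domain only after checking that the SAML artifact is neither counterfeited nor altered. The following is an added sketch of that check and is not taken from the patent: the HMAC-SHA256 tag, the `location|handle` artifact layout, the single-use rule, and every name in it are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import secrets


class FirstDomain:
    """Hypothetical first domain: authenticated the user and stores the assertion."""

    def __init__(self, location: str):
        self.location = location              # location information of this domain
        self._key = secrets.token_bytes(32)   # assumption: MAC key known only to this domain
        self._assertions = {}                 # handle (the "pointer") -> stored assertion

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def issue_artifact(self, assertion_xml: str) -> str:
        handle = secrets.token_hex(20)        # unguessable pointer, carries no user data
        self._assertions[handle] = assertion_xml
        body = f"{self.location}|{handle}".encode()
        return base64.urlsafe_b64encode(body + self._tag(body)).decode()

    def resolve(self, artifact: str):
        """Return the assertion for a genuine, unused artifact, otherwise None."""
        try:
            raw = base64.urlsafe_b64decode(artifact.encode())
        except ValueError:                    # malformed base64
            return None
        if len(raw) <= 32:
            return None
        body, tag = raw[:-32], raw[-32:]
        # Constant-time comparison: rejects altered or counterfeit artifacts.
        if not hmac.compare_digest(tag, self._tag(body)):
            return None
        location, _, handle = body.decode().rpartition("|")
        if location != self.location:
            return None
        # Added hardening (assumption): an artifact resolves once, limiting replay.
        return self._assertions.pop(handle, None)


def flip_first_bit(artifact: str) -> str:
    """Build an altered copy of an artifact to exercise the integrity check."""
    raw = bytearray(base64.urlsafe_b64decode(artifact))
    raw[0] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode()
```

Because the same domain both issues and verifies the artifact, a symmetric MAC is sufficient here and the key never has to leave that domain.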
Specification