Single-sign-on method based on markup language and system using the method

US 8,108,921 B2
Filed: 06/10/2005
Issued: 01/31/2012
Est. Priority Date: 06/10/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A single-sign-on method based on a markup language, the method comprising:

requesting, by an authentication agent server, user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator;

generating authentication domain location information including location information of a current domain and information required for processing a user authentication message and transmitting the authentication domain location information to the user; and

receiving, by the authentication agent server, the user authentication message, which has a markup language format, from the authentication message generator, and permitting or rejecting access of a mobile device of the user to resources based on the user authentication message,wherein the information required for processing the user authentication message includes a pointer indicating the user authentication message stored in the current domain, andwherein the authentication agent server is in the current domain and the authentication message generator is separate from the current domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A single-sign-on method in a wired/wireless hybrid environment and a system using the method are provided. The single-sign-on method includes: requesting user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator; generating authentication domain location information including location information of a current domain and information required for processing a user authentication message and transmitting the generated authentication domain location information to the user; and if an authentication message of a markup language format is received from the authentication message generator, analyzing the user authentication message and permitting or rejecting access of the user to resources.

61 Citations

View as Search Results

42 Claims

1. A single-sign-on method based on a markup language, the method comprising:
- requesting, by an authentication agent server, user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator;
  
  generating authentication domain location information including location information of a current domain and information required for processing a user authentication message and transmitting the authentication domain location information to the user; and
  
  receiving, by the authentication agent server, the user authentication message, which has a markup language format, from the authentication message generator, and permitting or rejecting access of a mobile device of the user to resources based on the user authentication message,wherein the information required for processing the user authentication message includes a pointer indicating the user authentication message stored in the current domain, andwherein the authentication agent server is in the current domain and the authentication message generator is separate from the current domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the wireless Internet protocol utilizes a wireless application protocol (WAP), and data is transmitted to or received from the user via a WAP gateway.
  - 3. The method of claim 1, wherein the information required for authentication comprises a user name and a user password.
  - 4. The method of claim 1, wherein the information required for authentication comprises a user certificate.
  - 5. The method of claim 1, wherein the information required for authentication comprises a uniform resource locator (URL) indicating a location of a user certificate.
  - 6. The method of claim 1, further comprising:
    - transmitting the user authentication message to another domain if an authentication information request with respect to the user is received from the other domain.
  - 7. The method of claim 6, further comprising:
    - deleting the user authentication message and the authentication domain location information stored in the current domain if the user authentication message is transmitted to the other domain.
  - 8. The method of claim 1, further comprising:
    - transmitting to another domain an authentication notice message informing that the user is normally authenticated by the current domain if an authentication information request with respect to the user is received from the other domain.

9. A single-sign-on method based on a security assertion markup language (SAML), the method comprising:
- requesting, by an authentication agent server, user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator;
  
  generating an SAML artifact including location information of a current domain and information required for processing an SAML authentication assertion and transmitting the SAML artifact which is generated to the user; and
  
  receiving, by the authentication agent server, the SAML authentication assertion from the user authentication message generator, and permitting or rejecting access of a mobile device of the user to resources based on the SAML authentication assertion,wherein the information required for processing the SAML authentication assertion includes a pointer indicating the SAML authentication assertion stored in the current domain, andwherein the authentication agent server is in the current domain and the authentication message generator is separate from the current domain.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein the wireless Internet utilizes a wireless application protocol (WAP), and data is transmitted to or received from the user via a WAP gateway.
  - 11. The method of claim 9, wherein the information required for authentication comprises a user name and a user password.
  - 12. The method of claim 9, further comprising:
    - if the SAML artifact is received from another domain, transmitting the SAML authentication assertion to the other domain only if it determined that the SAML artifact is neither counterfeited nor altered as a result of checking an integrity of the received SAML artifact.
  - 13. The method of claim 12, further comprising:
    - deleting the SAML authentication assertion and the SAML artifact stored in the current domain if the SAML authentication assertion is transmitted to the other domain.

14. A method of a single-sign-on based on a markup language, the method comprising:
- a mobile device transmitting, to an authentication agent server in a first domain, information required for authentication in order to access service resources of the first domain providing a wired Internet service through wireless Internet;
  
  the mobile device receiving authentication domain location information including location information of the first domain and information required for processing a user authentication message generated by an authentication message generator; and
  
  the mobile device accessing service resources of the first domain,wherein the information required for processing the user authentication message includes a pointer indicating the user authentication message stored in the first domain, andwherein the authentication message generator is separate from the first domain.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein the wireless Internet utilizes a wireless application protocol (WAP), and data is transmitted to or received from the first domain via a WAP gateway.
  - 16. The method of claim 14, wherein the information required for authentication comprises a user name and a user password.
  - 17. The method of claim 14, further comprising:
    - transmitting the authentication domain location information to a second domain in order to access service resources of the second domain providing a wired Internet service through the wireless Internet and accessing the service resources of the second domain.

18. A single-sign-on method based on a security assertion markup language (SAML), the method comprising:
- a mobile device transmitting, to an authentication agent server in a first domain, information required for authentication in order to access service resources of the first domain providing a wired Internet service through wireless Internet;
  
  the mobile device receiving an SAML artifact including location information of the first domain and information required for processing an SAML authentication assertion generated by an authentication message generator; and
  
  the mobile device accessing service resources of the first domain,wherein the information required for processing the SAML authentication assertion includes a pointer indicating the SAML authentication assertion stored in the first domain, andwherein the authentication message generator is separate from the first domain.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18, wherein the wireless Internet utilizes a wireless application protocol (WAP), and data is transmitted to or received from the first domain via a WAP gateway.
  - 20. The method of claim 18, wherein the information required for authentication comprises a user name and a user password.
  - 21. The method of claim 18, further comprising:
    - transmitting the SAML artifact to a second domain in order to access service resources of the second domain providing a wired Internet service through the wireless Internet and accessing the service resources of the second domain.

22. A single-sign-on method based on a markup language, the method comprising:
- receiving authentication domain location information including location information of a first domain, which has authenticated a user using wireless Internet, and information required for processing a user authentication message generated by an authentication message generator;
  
  requesting, by an authentication agent server in a second domain, authentication information of the user by transmitting the received authentication domain location information to the first domain, which has authenticated the user; and
  
  receiving, by the authentication agent server in the second domain, the user authentication message which has a markup language format from the first domain, which has authenticated the user, and permitting or rejecting access of a mobile device of the user to resources based on the user authentication message,wherein the information required for processing the user authentication message includes a pointer indicating the user authentication message stored in the first domain, which has authenticated the user, andwherein the authentication message generator is separate from the first domain and the second domain.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The method of claim 22, wherein the wireless Internet utilizes a wireless application protocol (WAP), and data is transmitted to or received from the user via a WAP gateway.
  - 24. The method of claim 22, further comprising:
    - generating authentication domain location information of a current domain including location information of the current domain and information required for processing the user authentication message stored in the current domain and transmitting the authentication domain location information to the user,wherein the information required for processing the user authentication message stored in the current domain includes a pointer indicating the user authentication message stored in the current domain.
  - 25. The method of claim 24, further comprising, if an authentication information request with respect to the user is received from another domain, transmitting the authentication message to the other domain.
  - 26. The method of claim 25, further comprising, if the authentication message is transmitted to the other domain, deleting the authentication message and the authentication domain location information of the current domain stored in the current domain.

27. A single-sign-on method based on a security assertion markup language (SAML), the method comprising:
- receiving an SAML artifact including location information of a first domain, which has authenticated a user using wireless Internet, and information required for an SAML authentication assertion generated by an authentication message generator;
  
  requesting, by an authentication agent server in a second domain, authentication information of the user by transmitting the received SAML artifact to the first domain, which has authenticated the user; and
  
  receiving, by the authentication agent server in the second domain, the SAML authentication assertion from the first domain, which has authenticated the user, and permitting or rejecting access of a mobile device of the user to resources based on the SAML authentication assertion,wherein the information required for processing the SAML authentication assertion includes a pointer indicating the SAML authentication assertion stored in the first domain, which has authenticated the user, andwherein the authentication message generator is separate from the first domain and the second domain.
- View Dependent Claims (28, 29, 30, 31)
- - 28. The method of claim 27, wherein the wireless Internet utilizes a wireless application protocol (WAP), and data is transmitted to or received the user via a WAP gateway.
  - 29. The method of claim 27, further comprising generating an SAML artifact of a current domain including location information of the current domain and information required for processing an SAML authentication assertion stored in the current domain and transmitting the SAML artifact of the current domain to the user,wherein the information required for processing the SAML authentication assertion stored in the current domain includes a pointer indicating the SAML authentication assertion stored in the current domain.
  - 30. The method of claim 29, further comprising if the SAML artifact of the current domain is received from another domain, transmitting the SAML authentication assertion to the other domain only if it is determined that the SAML artifact of the current domain is neither counterfeited nor altered as a result of checking an integrity of the SAML artifact of the current domain.
  - 31. The method of claim 30, further comprising:
    - deleting the SAML authentication assertion and the SAML artifact of the current domain stored in the current domain if the SAML authentication assertion is transmitted to the other domain.

32. A single-sign-on system based on a markup language, the system comprising:
- a plurality of domains which provide service resources to a mobile device of a user using wireless Internet through a gateway performing wired or wireless protocol transformation; and
  
  an authentication message generator which receives information required for user authentication from an authentication agent server in a first domain of the plurality of domains, authenticates the user, generates an authentication message which has a markup language format, and transmits the authentication message to the authentication agent server in the first domain,wherein the first domain, which has received the authentication message, permits or rejects access of the mobile device of the user to service resources based on the user authentication message, generates authentication domain location information including its own location information and information required for processing the user authentication message, transmits the generated authentication domain location information to the mobile device of the user, and transmits the authentication message to a second domain of the plurality of domains if a request for authentication information of the user is received from the second domain,wherein the information required for processing the user authentication message includes a pointer indicating the user authentication message stored in the first domain, andwherein the authentication message generator is separate from the first domain.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The system of claim 32, wherein after transmitting the authentication message to the second domain, the first domain deletes the authentication message and the authentication domain location information stored therein.
  - 34. The system of claim 32, wherein the information required for user authentication comprises a user name and a user password.
  - 35. The system of claim 32, wherein the gateway is a wireless application protocol (WAP) gateway using a WAP protocol.
  - 36. The system of claim 32, wherein after receiving the authentication message, the second domain generates authentication domain location information of the second domain including its own location information and information required for processing the user authentication message stored in the second domain and transmits the authentication domain location information of the second domain to the user,wherein the information required for processing the user authentication message stored in the second domain includes a pointer indicating the user authentication message stored in the second domain.

37. A single-sign-on system based on a security assertion markup language (SAML), the system comprising:
- a plurality of domains which provide service resources to a mobile device of a user using wireless Internet through a gateway performing wired or wireless protocol transformation; and
  
  an authentication message generator which receives information required for user authentication from an authentication agent server in a first domain of the plurality of domains, authenticates the user, generates an SAML authentication assertion, and transmits the SAML authentication assertion to the authentication agent server in the first domain,wherein the first domain, which has received the SAML authentication assertion, permits or rejects access of the mobile device of the user to service resources based on the SAML authentication assertion, generates an SAML artifact including its own location information and information required for processing the SAML authentication assertion, transmits the SAML artifact to the mobile device of the user, and if a request for the user authentication is received from a second domain using the SAML artifact, transmits the SAML authentication assertion to the second domain of the plurality of domains only if it determined that the SAML artifact is neither counterfeited nor altered as a result of checking an integrity of the SAML artifact,wherein the information required for processing the SAML authentication assertion includes a pointer indicating the SAML authentication assertion stored in the first domain, andwherein the authentication message generator is separate from the first domain.
- View Dependent Claims (38, 39, 40, 41)
- - 38. The system of claim 37, wherein after transmitting the SAML authentication assertion to the second domain, the first domain deletes the SAML authentication assertion and the SAML artifact stored therein.
  - 39. The system of claim 37, wherein the information required for user authentication comprises a user name and a user password.
  - 40. The system of claim 37, wherein the gateway is a wireless application protocol (WAP) gateway using a WAP protocol.
  - 41. The system of claim 37, wherein after transmitting the SAML authentication assertion, the second domain generates an SAML artifact of the second domain including its own location information and information required for processing the SAML authentication assertion stored in the second domain and transmits the SAML artifact of the second domain to the user.

42. A computer-readable recording medium having recorded thereon a computer-readable program for performing a single-sign-on method based on a markup language, the method comprising:
- requesting, by an authentication agent server, user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator;
  
  generating authentication domain location information including location information of a current domain and information required for processing a user authentication message and transmitting the authentication domain location information to the user; and
  
  receiving, by the authentication agent server, an authentication message which has a markup language format from the authentication message generator, and permitting or rejecting access of the user to resources based on the user authentication message,wherein the information required for processing the user authentication message includes a pointer indicating the user authentication message stored in the current domain, andwherein the authentication agent server is in the current domain and the authentication message generator is separate from the current domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Industry-Academia Cooperation Group of Sejong University, Samsung Electronics Co. Ltd.
Original Assignee
Industry-Academia Cooperation Group of Sejong University, Samsung Electronics Co. Ltd.
Inventors
Shin, Dong-kyoo, Shin, Dong-il, Jeong, Jong-il
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US11/149,150
Publication Number

US 20050277420A1
Time in Patent Office

2,426 Days
Field of Search

726/8, 726/30
US Class Current

726/8
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04W 12/069   using certificates or pre-s...

H04W 8/08   Mobility data transfer

Single-sign-on method based on markup language and system using the method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Single-sign-on method based on markup language and system using the method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links