Application single sign on leveraging virtual local area network identifier

US 8,195,819 B1
Filed: 07/13/2009
Issued: 06/05/2012
Est. Priority Date: 07/13/2009
Status: Active Grant

First Claim

Patent Images

1. A processor-implemented method for providing single sign-on leveraging a virtual local area network identifier, comprising:

providing, by an authentication server, a client device access to a network via association with a virtual local area network and a credential;

receiving, by an application server, a request from the client device to invoke an application hosted on the application server;

maintaining an association between a virtual local area network tag and the client device;

maintaining an association between the client device and a user identification;

identifying, by the application server, the virtual local area network tag associated with the client device included in the request;

sending, by the application server, a first message to the authentication server requesting the user identification associated with the client device based on the virtual local area network tag;

matching, by the authentication server, the virtual local area network tag with the user identification associated with the client device and sending a second message to the application server containing the user identification, wherein the first message to the authentication server further requests a first level of authentication associated with the virtual local area network tag, and wherein the second message to the application server further contains the first level of authentication associated with the virtual local area network tag;

determining, by the application server, that the first level of authentication is insufficient to access the application and notifying the client device;

detecting that the client device severed association with the virtual local area network;

tearing down, by the authentication server, the virtual local area network in response to the detecting;

providing, by an authentication server, the client device a second access to the network via association with a second virtual local area network and a second credential;

receiving, by the application server, a second request from the client device to invoke the application hosted on the application server after severing association with the virtual local area network;

identifying, by the application server, a second virtual local area network tag associated with the second request from the client device;

sending, by the application server, a third message to the authentication server requesting the user identification associated with the client device and requesting a second level of authentication associated with the second virtual local area network tag;

matching, by the authentication server, the second virtual local area network tag with the user identification associated with the client device and sending a fourth message to the application server containing the user identification and the second level of authentication associated with the second virtual local area network tag; and

providing, by the application server, the client device with access to the application using the user identification and the second level of authentication.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processor-implemented method for providing application single sign on leveraging a virtual local area network identifier is provided. The method comprises an authentication server providing a client device access to a network via association with a virtual local area network and a credential. The method also comprises the device invoking an application hosted on an application server and the application server identifying a virtual local area network tag associated with the device. The method also comprises the application server sending a message to the authentication server requesting linkage of the tag with a user identification associated with the device. The method also comprises the authentication server linking the tag with the user identification associated with the device and sending a message to the application server containing the identification. The method also comprises the application server using the identification to authenticate the device with the application and the device receiving access.

66 Citations

View as Search Results

13 Claims

1. A processor-implemented method for providing single sign-on leveraging a virtual local area network identifier, comprising:
- providing, by an authentication server, a client device access to a network via association with a virtual local area network and a credential;
  
  receiving, by an application server, a request from the client device to invoke an application hosted on the application server;
  
  maintaining an association between a virtual local area network tag and the client device;
  
  maintaining an association between the client device and a user identification;
  
  identifying, by the application server, the virtual local area network tag associated with the client device included in the request;
  
  sending, by the application server, a first message to the authentication server requesting the user identification associated with the client device based on the virtual local area network tag;
  
  matching, by the authentication server, the virtual local area network tag with the user identification associated with the client device and sending a second message to the application server containing the user identification, wherein the first message to the authentication server further requests a first level of authentication associated with the virtual local area network tag, and wherein the second message to the application server further contains the first level of authentication associated with the virtual local area network tag;
  
  determining, by the application server, that the first level of authentication is insufficient to access the application and notifying the client device;
  
  detecting that the client device severed association with the virtual local area network;
  
  tearing down, by the authentication server, the virtual local area network in response to the detecting;
  
  providing, by an authentication server, the client device a second access to the network via association with a second virtual local area network and a second credential;
  
  receiving, by the application server, a second request from the client device to invoke the application hosted on the application server after severing association with the virtual local area network;
  
  identifying, by the application server, a second virtual local area network tag associated with the second request from the client device;
  
  sending, by the application server, a third message to the authentication server requesting the user identification associated with the client device and requesting a second level of authentication associated with the second virtual local area network tag;
  
  matching, by the authentication server, the second virtual local area network tag with the user identification associated with the client device and sending a fourth message to the application server containing the user identification and the second level of authentication associated with the second virtual local area network tag; and
  
  providing, by the application server, the client device with access to the application using the user identification and the second level of authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the second credential provides a higher level of authentication than the first credential.
  - 3. The method of claim 1, wherein the credential is one of a password, a secure token, and an x.509c3 certificate.
  - 4. The method of claim 1, wherein the authentication server in replying to the application server consults a database of policies originally consulted while authenticating the client device for association with the virtual local area network.
  - 5. The method of claim 1, further comprising:
    - determining, by the authentication server, the second level of authentication associated with the second virtual local area network tag using the second credential provided by the client device.
  - 6. The method of claim 1, wherein the application server maintains a database associating levels of authentication with security thresholds specified to start applications.
  - 7. The method of claim 1, further comprising:
    - mapping, by the application server, the user identification provided by the authentication server to a different user identification known by the application.

8. A processor-implemented method for providing single sign-on leveraging a virtual local area network identifier, comprising:
- providing, by an authentication server, a client device access to a network via association with a virtual local area network and a credential;
  
  receiving, by an application server, a request from the client device to invoke an application hosted on the application server;
  
  maintaining an association between a virtual local area network tag and the client device;
  
  maintaining an association between the client device and a user identification;
  
  identifying, by the application server, the virtual local area network tag associated with the client device included in the request;
  
  sending, by the application server, a first message to the authentication server requesting the user identification associated with the client device based on the virtual local area network tag;
  
  matching, by the authentication server, the virtual local area network tag with the user identification associated with the client device and sending a second message to the application server containing the user identification, wherein the first message to the authentication server further requests an authentication code associated with the virtual local area network tag;
  
  linking, by the authentication server, the virtual local area network tag with the authentication code and sending the second message to the application server further containing the authentication code associated with the virtual local area network tag;
  
  storing, by the application server, the authentication code and providing the client device access to the application based on the authentication code;
  
  receiving, by the application server, a second request from the client device to invoke a second application hosted on the application server; and
  
  providing, by the application server, the client device with access to the second application based on the authentication code by consulting the stored authentication code.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the authentication code indicates a level of authentication achieved by the client device when the client device was associated with the virtual local area network.
  - 10. The method of claim 9, wherein the level of authentication indicated by the authentication code is determined by one of the credential and combination of credentials provided by the client device when associated with the virtual local area network.
  - 11. The method of claim 8, further comprising:
    - accessing, by the application server, a database listing the applications to which the client device has access while associated with the virtual local area network using the authentication code.
  - 12. The method of claim 8, wherein when the client device is authenticated for association with the virtual local area network, the authentication server determines the authentication code based on the credential provided by the client device and associates the virtual local area network tag provided to the client device with the authentication code.
  - 13. The method of claim 8, wherein the client device is one of a desktop computer, laptop computer, tablet computer, mobile telephone, media player, personal digital assistant (PDA), and portable electronic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Delker, Jason R., Everson, John M., Norris, James W., Whitney, Jason K., Ross, Carol A.
Primary Examiner(s)
JAKOVAC, RYAN J

Application Number

US12/502,227
Time in Patent Office

1,058 Days
Field of Search

709/229, 726/15
US Class Current

709/229
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/0892   by using authentication-aut...

Application single sign on leveraging virtual local area network identifier

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Application single sign on leveraging virtual local area network identifier

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others