Method and system for single sign-on for multiple remote sites of a computer network
First Claim
1. A method for linking a first network computer with a second network computer, wherein a user who is authenticated on the first network computer is automatically logged in to the second network computer, the method comprising the steps of:
    generating a link request with the first network computer, wherein the link request includes:
        a plaintext component including an identifier associated with the first network computer and information for locating a resource of the second network computer; and
        a hashed component including a first hash result formed by applying a hashing function to information in the plaintext component and a secret known to the first network computer and the second network computer;
    authenticating the link request with the second network computer and without using a two-way encryption process, including:
        generating a second hash result by applying the hashing function to information in the plaintext component of the link request and the secret;
        comparing the first hash result with the second hash result; and
    logging the user into the second network computer based on the comparison of the first hash result with the second hash result.
Abstract
A system and method links first and second computers of a network to implement a single sign on feature. The first computer generates a link request having a plaintext component and a hashed component. The plaintext component includes an identifier associated with the first network computer and information for locating a resource of the second network computer. The hashed component includes a first hash result formed by applying a hashing function to the plaintext component and a secret known to the first network computer and the second network computer. The second computer authenticates the link request without using a two-way encryption process by generating a second hash result by applying the hashing function to the plaintext component of the link request and the secret and comparing the first hash result with the second hash result.
19 Claims
1. (Independent claim, reproduced in full under First Claim above.)
Dependent claims: 2, 3, 4, 5.
6. A method for linking a first network server with a second network server, the method comprising:
    receiving a link request at the second network server, wherein the link request includes:
        an identifier associated with the first network server and information for locating a resource of the second network server;
        a hashed component formed by applying a hashing function to information including:
            the identifier;
            a password known to each of the first network server and the second network server and associated with the first network server for accessing the second network server;
    authenticating the link request, including:
        generating a hash result by applying the hashing function to information including the identifier and the password;
        comparing the hash result with the hashed component of the received link request; and
    logging the user in to the second network based on the result of comparing the hash result with the hashed component of the link request.
Dependent claims: 7, 8, 9, 10, 11.
12. A method for redirecting a remote user computer to a second restricted access network resource so that the user of the remote user computer is automatically authenticated on the second restricted access network resource, wherein the remote user computer is in communication with a first restricted access network resource and a user of the remote user computer has been authenticated on the first restricted access network resource, the method comprising:
    receiving a request from the remote user computer to the first restricted access network resource to access the second restricted access network resource;
    generating a link request having:
        a plaintext component including an identifier associated with the first restricted access network resource and information for locating the second restricted access network resource;
        a hashed component formed by applying a hashing process to information including the identifier and a secret known to the first restricted access network resource and the second restricted access network resource;
    returning the link request to the remote user computer;
    redirecting the remote user computer to the second restricted access network resource, including communicating authentication information to the remote user computer;
    directing the link request to the second restricted access network resource;
    generating an encryption result at the second restricted access network resource by applying the one-way encryption process to a portion of a plaintext component of the link request using the secret;
    comparing the encryption result with an encrypted component of the link request to determine whether the link request is valid.
Dependent claims: 13, 14, 15.
16. A method for automatically authenticating a remote user on a second restricted access network resource, the method comprising the steps of:
    accepting an incoming link request from a remote user computer, wherein the remote user computer is in communication with a first restricted access network resource and wherein the link request includes:
        a plaintext component including information for locating the second restricted access network resource;
        an encrypted component formed without using a two-way encryption process and by applying a one-way encryption process to at least a portion of the plaintext component using a secret known to the first network resource and the second restricted access network resource;
    generating an encryption result by applying the one-way encryption process to the portion of the plaintext component using the secret;
    comparing the encryption result with the encrypted component of the incoming link request to determine whether the link request is valid; and
    authorizing access to the second restricted access network resource if the link request is valid.
Dependent claims: 17, 18, 19.
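The exchange recited in claims 1 and 16, as an added worked example that is not the patent's own code nor any implementation of it: the first site builds the link request from a plaintext component (site identifier plus resource locator) and a hashed component, and the second site recomputes the hash over the received plaintext and compares. The claims do not name the hashing function; this example uses HMAC-SHA256 as the keyed hash rather than a bare SHA-256 over the concatenation of plaintext and secret, because a plain Merkle-Damgard hash over secret||message admits length-extension forgeries. The site identifier, resource path, target URL, query-parameter names and shared secret are all constructed for the demonstration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed for this example: the secret both sites share. In deployment it is
# provisioned out of band to the first and second network computers and never
# travels inside the link request.
SHARED_SECRET = b"example-shared-secret-for-demo-only"


def _canonical(site_id: str, resource: str) -> bytes:
    """Unambiguous byte encoding of the plaintext component.

    Each field is length-prefixed so that two different (site_id, resource)
    pairs can never hash the same; a plain join with a separator would allow
    that whenever a field itself contained the separator.
    """
    out = b""
    for field in (site_id, resource):
        data = field.encode("utf-8")
        out += len(data).to_bytes(4, "big") + data
    return out


def hashed_component(site_id: str, resource: str, secret: bytes) -> str:
    """Keyed hash over the plaintext component and the shared secret (HMAC-SHA256)."""
    return hmac.new(secret, _canonical(site_id, resource), hashlib.sha256).hexdigest()


def build_link_request(site_id: str, resource: str, secret: bytes, target_base: str) -> str:
    """First network computer: plaintext component plus hashed component, as a URL.

    Query parameter names (site, resource, h) are an assumption of this example.
    """
    query = urlencode({
        "site": site_id,
        "resource": resource,
        "h": hashed_component(site_id, resource, secret),
    })
    return f"{target_base}?{query}"


def verify_link_request(link: str, secret: bytes) -> tuple[bool, str]:
    """Second network computer: recompute the hash over the received plaintext
    component and compare it with the received hashed component.

    Returns (valid, resource); resource is empty when the request is rejected.
    """
    params = parse_qs(urlsplit(link).query)
    try:
        site_id = params["site"][0]
        resource = params["resource"][0]
        received = params["h"][0]
    except KeyError:
        return False, ""
    expected = hashed_component(site_id, resource, secret)
    # compare_digest runs in time independent of where the digests differ, so
    # the verifier's response timing does not leak the expected value.
    if not hmac.compare_digest(expected, received):
        return False, ""
    return True, resource


def demo() -> dict:
    """Exercise the exchange: honest link, tampered link, wrong secret, replay."""
    link = build_link_request("site-A", "/reports/42", SHARED_SECRET, "https://site-b.example/sso")
    ok, resource = verify_link_request(link, SHARED_SECRET)

    # Altering the plaintext component invalidates the hashed component.
    tampered = link.replace("%2Freports%2F42", "%2Fadmin")
    tampered_ok, _ = verify_link_request(tampered, SHARED_SECRET)

    # A verifier holding a different secret must reject the link.
    wrong_secret_ok, _ = verify_link_request(link, b"some-other-secret")

    # Nothing in the claimed plaintext component is fresh, so the identical link
    # verifies a second time: the scheme as claimed does not itself stop replay.
    replay_ok, _ = verify_link_request(link, SHARED_SECRET)

    return {
        "valid": ok,
        "resource": resource,
        "tampered_rejected": not tampered_ok,
        "wrong_secret_rejected": not wrong_secret_ok,
        "replay_accepted": replay_ok,
    }


if __name__ == "__main__":
    print(demo())
```

What the comparison establishes is that the plaintext component was produced by a holder of the secret and was not altered in transit; it does not establish that the link is fresh. As demo() shows, the same link verifies again, so a deployment binds a timestamp or nonce into the hashed input and has the second site reject expired or previously seen values, a detail the independent claims shown here do not recite. Because the link travels in the user's browser, the first site should also send it only over TLS and keep it out of referrer headers and logs, since anyone who captures it can log in as that user until it is rejected.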