Method and system for single sign-on for multiple remote sites of a computer network

US 8,209,541 B2
Filed: 08/10/2010
Issued: 06/26/2012
Est. Priority Date: 10/03/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for linking a first network computer with a second network computer, wherein a user who is authenticated on the first network computer is automatically logged in to the second network computer, the method comprising the steps of:

generating a link request with the first network computer, wherein the link request includes;

a plaintext component including an identifier associated with the first network computer and information for locating a resource of the second network computer; and

a hashed component including a first hash result formed by applying a hashing function to information in the plaintext component and a secret known to the first network computer and the second network computer;

authenticating the link request with the second network computer and without using a two-way encryption process, including;

generating a second hash result by applying the hashing function to information in the plaintext component of the link request and the secret;

comparing the first hash result with the second hash result; and

logging the user into the second network computer based on the comparison of the first hash result with the second hash result.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method links first and second computers of a network to implement a single sign on feature. The first computer generates a link request having a plaintext component and a hashed component. The plaintext component includes an identifier associated with the first network computer and information for locating a resource of the second network computer. The hashed component includes a first hash result formed by applying a hashing function to the plaintext component and a secret known to the first network computer and the second network computer. The second computer authenticates the link request without using a two-way encryption process by generating a second hash result by applying the hashing function to the plaintext component of the link request and the secret and comparing the first hash result with the second hash result.

Citations

19 Claims

1. A method for linking a first network computer with a second network computer, wherein a user who is authenticated on the first network computer is automatically logged in to the second network computer, the method comprising the steps of:
- generating a link request with the first network computer, wherein the link request includes;
  
  a plaintext component including an identifier associated with the first network computer and information for locating a resource of the second network computer; and
  
  a hashed component including a first hash result formed by applying a hashing function to information in the plaintext component and a secret known to the first network computer and the second network computer;
  
  authenticating the link request with the second network computer and without using a two-way encryption process, including;
  
  generating a second hash result by applying the hashing function to information in the plaintext component of the link request and the secret;
  
  comparing the first hash result with the second hash result; and
  
  logging the user into the second network computer based on the comparison of the first hash result with the second hash result.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the link request is in the form of a URL.
  - 3. The method of claim 1, wherein the link request is in the form of an HTTP URL.
  - 4. The method of claim 1, wherein the link request further includes a timestamp.
  - 5. The method of claim 1, wherein the link request further includes a unique sequence number for each use of the link request.

6. A method for linking a first network server with a second network server, the method comprising:
- receiving a link request at the second network server, wherein the link request includes;
  
  an identifier associated with the first network server and information for locating a resource of the second network server;
  
  a hashed component formed by applying a hashing function to information including;
  
  the identifier;
  
  a password known to each of the first network server and the second network server and associated with the first network server for accessing the second network server;
  
  authenticating the link request, including;
  
  generating a hash result by applying the hashing function to information including the identifier and the password;
  
  comparing the hash result with the hashed component of the received link request; and
  
  logging the user in to the second network based on the result of comparing the hash result with the hashed component of the link request.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method of claim 6, wherein the link request is in the form of a URL.
  - 8. The method of claim 6, wherein the link request is in the form of an HTTP URL.
  - 9. The method of claim 6, wherein authenticating the link request is performed without using a two-way encryption process.
  - 10. The method of claim 6, wherein the link request includes a timestamp.
  - 11. The method of claim 6, wherein the link request includes a unique sequence number for each use of the link request.

12. A method for redirecting a remote user computer to a second restricted access network resource so that the user of the remote user computer is automatically authenticated on the second restricted access network resource, wherein the remote user computer is in communication with a first restricted access network resource and a user of the remote user computer has been authenticated on the first restricted access network resource, the method comprising:
- receiving a request from the remote user computer to the first restricted access network resource to access the second restricted access network resource;
  
  generating a link request having;
  
  a plaintext component including an identifier associated with the first restricted access network resource and information for locating the second restricted access network resource;
  
  a hashed component formed by applying a hashing process to information including the identifier and a secret known to the first restricted access network resource and the second restricted access network resource;
  
  returning the link request to the remote user computer;
  
  redirecting the remote user computer to the second restricted access network resource, including communicating authentication information to the remote user computer;
  
  directing the link request to the second restricted access network resource;
  
  generating an encryption result at the second restricted access network resource by applying the one-way encryption process to a portion of a plaintext component of the link request using the secret;
  
  comparing the encryption result with an encrypted component of the link request to determine whether the link request is valid.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, wherein the information to which the hashing process is applied does not include information that is encoded using a two-way encoding process.
  - 14. The method of claim 12, wherein the link request includes a timestamp.
  - 15. The method of claim 12, wherein the link request includes a unique sequence number for each use of the link request.

16. A method for automatically authenticating a remote user on a second restricted access network resource, the method comprising the steps of:
- accepting an incoming link request from a remote user computer, wherein the remote user computer is in communication with a first restricted access network resource and wherein the link request includes;
  
  a plaintext component including information for locating the second restricted access network resource;
  
  an encrypted component formed without using a two-way encryption process and by applying a one-way encryption process to at least a portion of the plaintext component using a secret known to the first network resource and the second restricted access network resource;
  
  generating an encryption result by applying the one-way encryption process to the portion of the plaintext component using the secret;
  
  comparing the encryption result with the encrypted component of the incoming link request to determine whether the link request is valid; and
  
  authorizing access to the second restricted access network resource if the link request is valid.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, wherein the link request is in the form of a URL.
  - 18. The method of claim 16, wherein the link request includes a timestamp.
  - 19. The method of claim 16, wherein the link request includes a unique sequence number for each use of the link request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
RPX Corporation
Inventors
Deutschmann, Frank, Tilly, Benjamin J.
Primary Examiner(s)
Goodarzi, Nasser
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US12/853,821
Publication Number

US 20100325440A1
Time in Patent Office

686 Days
Field of Search

709/219, 709/226, 709/227, 709/229, 713/182, 713/168, 713/183, 726 2- 8
US Class Current

713/182
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/0815 providing single-sign-on or...

Method and system for single sign-on for multiple remote sites of a computer network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for single sign-on for multiple remote sites of a computer network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links